rpms
/
coreutils
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

auto-import changelog data from coreutils-5.2.1-3.src.rpm 

Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 5.2.1-3
- If preserve fails, report as warning unless user requires preserve
Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 5.2.1-2
- Make mv default to preserve on context
Sat Mar 13 2004 Tim Waugh <twaugh@redhat.com> 5.2.1-1
- 5.2.1.
Fri Mar 12 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-9
- Add '-Z' to 'ls --help' output (bug #118108).
Fri Mar 05 2004 Tim Waugh <twaugh@redhat.com>
- Fix deref-args test case for rebuilding under SELinux (bug #117556).
This commit is contained in:
cvsdist 2004-09-09 03:58:39 +00:00
parent 9a3c57e7ce
commit 5adf0da3ed
6 changed files with 6166 additions and 1809 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
coreutils-5.0.tar.bz2
coreutils-5.2.1.tar.bz2

4097
coreutils-i18n.patch Normal file
View File

File diff suppressed because it is too large Load Diff

353
coreutils-pam.patch Normal file
View File

@ -0,0 +1,353 @@
--- coreutils-5.2.0/src/Makefile.am.pam 2004-02-23 17:40:54.000000000 +0000
+++ coreutils-5.2.0/src/Makefile.am 2004-02-23 17:40:54.000000000 +0000
@@ -66,7 +66,7 @@
uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS)
-su_LDADD = $(LDADD) $(LIB_CRYPT)
+su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
$(PROGRAMS): ../lib/libfetish.a
--- coreutils-5.2.0/src/su.c.pam 2004-02-23 17:40:54.000000000 +0000
+++ coreutils-5.2.0/src/su.c 2004-02-23 17:40:54.000000000 +0000
@@ -38,6 +38,16 @@
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
+#ifdef USE_PAM
+
+ Actually, with PAM, su has nothing to do with whether or not a
+ wheel group is enforced by su. RMS tries to restrict your access
+ to a su which implements the wheel group, but PAM considers that
+ to be fascist, and gives the user/sysadmin the opportunity to
+ enforce a wheel group by proper editing of /etc/pam.conf
+
+#endif
+
Options:
-, -l, --login Make the subshell a login shell.
Unset all environment variables except
@@ -81,6 +91,14 @@
prototype (returning `int') in <unistd.h>. */
#define getusershell _getusershell_sys_proto_
+#ifdef USE_PAM
+# include <security/pam_appl.h>
+# include <security/pam_misc.h>
+# include <signal.h>
+# include <sys/wait.h>
+# include <sys/fsuid.h>
+#endif /* USE_PAM */
+
#include "system.h"
#include "dirname.h"
@@ -150,7 +168,9 @@
/* The user to become if none is specified. */
#define DEFAULT_USER "root"
+#ifndef USE_PAM
char *crypt ();
+#endif
char *getpass ();
char *getusershell ();
void endusershell ();
@@ -158,8 +178,12 @@
extern char **environ;
-static void run_shell (const char *, const char *, char **)
+static void run_shell (const char *, const char *, char **, const struct passwd *)
+#ifdef USE_PAM
+ ;
+#else
ATTRIBUTE_NORETURN;
+#endif
/* The name this program was run with. */
char *program_name;
@@ -271,7 +295,22 @@
}
#endif
+#ifdef USE_PAM
+static pam_handle_t *pamh = NULL;
+static int retval;
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+#define PAM_BAIL_P if (retval) { \
+ pam_end(pamh, PAM_SUCCESS); \
+ return 0; \
+}
+#endif
+
/* Ask the user for a password.
+ If PAM is in use, let PAM ask for the password if necessary.
Return 1 if the user gives the correct password for entry PW,
0 if not. Return 1 without asking for a password if run by UID 0
or if PW has an empty password. */
@@ -279,6 +318,34 @@
static int
correct_password (const struct passwd *pw)
{
+#ifdef USE_PAM
+ struct passwd *caller;
+ retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
+ PAM_BAIL_P;
+
+ if (getuid() != 0 && !isatty(0)) {
+ fprintf(stderr, "standard in must be a tty\n");
+ exit(1);
+ }
+
+ caller = getpwuid(getuid());
+ if(caller != NULL && caller->pw_name != NULL) {
+ retval = pam_set_item(pamh, PAM_RUSER, caller->pw_name);
+ PAM_BAIL_P;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ PAM_BAIL_P;
+ retval = pam_acct_mgmt(pamh, 0);
+ if (retval == PAM_NEW_AUTHTOK_REQD) {
+ /* password has expired. Offer option to change it. */
+ retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ PAM_BAIL_P;
+ }
+ PAM_BAIL_P;
+ /* must be authenticated if this point was reached */
+ return 1;
+#else /* !USE_PAM */
char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */
@@ -303,6 +370,7 @@
encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted));
return strcmp (encrypted, correct) == 0;
+#endif /* !USE_PAM */
}
/* Update `environ' for the new shell based on PW, with SHELL being
@@ -312,16 +380,24 @@
modify_environment (const struct passwd *pw, const char *shell)
{
char *term;
+ char *display;
+ char *xauthority;
if (simulate_login)
{
- /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
+ /* Leave TERM, DISPLAY, XAUTHORITY unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
Unset all other environment variables. */
term = getenv ("TERM");
+ display = getenv ("DISPLAY");
+ xauthority = getenv ("XAUTHORITY");
environ = xmalloc (2 * sizeof (char *));
environ[0] = 0;
if (term)
xputenv (concat ("TERM", "=", term));
+ if (display)
+ xputenv (concat ("DISPLAY", "=", display));
+ if (xauthority)
+ xputenv (concat ("XAUTHORITY", "=", xauthority));
xputenv (concat ("HOME", "=", pw->pw_dir));
xputenv (concat ("SHELL", "=", shell));
xputenv (concat ("USER", "=", pw->pw_name));
@@ -358,22 +434,73 @@
error (EXIT_FAIL, errno, _("cannot set groups"));
endgrent ();
#endif
+#ifdef USE_PAM
+ retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ error (1, 0, pam_strerror(pamh, retval));
+#endif /* USE_PAM */
if (setgid (pw->pw_gid))
error (EXIT_FAIL, errno, _("cannot set group id"));
if (setuid (pw->pw_uid))
error (EXIT_FAIL, errno, _("cannot set user id"));
}
+#ifdef USE_PAM
+static int caught=0;
+/* Signal handler for parent process later */
+static void su_catch_sig(int sig)
+{
+ ++caught;
+}
+
+int
+pam_copyenv (pam_handle_t *pamh)
+{
+ char **env;
+
+ env = pam_getenvlist(pamh);
+ if(env) {
+ while(*env) {
+ xputenv(*env);
+ env++;
+ }
+ }
+ return(0);
+}
+#endif
+
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
If COMMAND is nonzero, pass it to the shell with the -c option.
If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
arguments. */
static void
-run_shell (const char *shell, const char *command, char **additional_args)
+run_shell (const char *shell, const char *command, char **additional_args, const struct passwd *pw)
{
const char **args;
int argno = 1;
+#ifdef USE_PAM
+ int child;
+ sigset_t ourset;
+ int status;
+
+ retval = pam_open_session(pamh,0);
+ if (retval != PAM_SUCCESS) {
+ fprintf (stderr, "could not open session\n");
+ exit (1);
+ }
+
+/* do this at the last possible moment, because environment variables may
+ be passed even in the session phase
+*/
+ if(pam_copyenv(pamh) != PAM_SUCCESS)
+ fprintf (stderr, "error copying PAM environment\n");
+
+ child = fork();
+ if (child == 0) { /* child shell */
+ change_identity (pw);
+ pam_end(pamh, 0);
+#endif
if (additional_args)
args = xmalloc (sizeof (char *)
@@ -385,6 +512,9 @@
char *arg0;
char *shell_basename;
+ if(chdir(pw->pw_dir))
+ error(0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+
shell_basename = base_name (shell);
arg0 = xmalloc (strlen (shell_basename) + 2);
arg0[0] = '-';
@@ -411,6 +541,61 @@
error (0, errno, "%s", shell);
exit (exit_status);
}
+#ifdef USE_PAM
+ } else if (child == -1) {
+ fprintf(stderr, "can not fork user shell: %s", strerror(errno));
+ exit(1);
+ }
+ /* parent only */
+ sigfillset(&ourset);
+ if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
+ fprintf(stderr, "%s: signal malfunction\n", PROGRAM_NAME);
+ caught = 1;
+ }
+ if (!caught) {
+ struct sigaction action;
+ action.sa_handler = su_catch_sig;
+ sigemptyset(&action.sa_mask);
+ action.sa_flags = 0;
+ sigemptyset(&ourset);
+ if (sigaddset(&ourset, SIGTERM)
+ || sigaddset(&ourset, SIGALRM)
+ || sigaction(SIGTERM, &action, NULL)
+ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)) {
+ fprintf(stderr, "%s: signal masking malfunction\n", PROGRAM_NAME);
+ caught = 1;
+ }
+ }
+ if (!caught) {
+ do {
+ int pid;
+
+ pid = waitpid(-1, &status, WUNTRACED);
+
+ if (WIFSTOPPED(status)) {
+ kill(getpid(), SIGSTOP);
+ /* once we get here, we must have resumed */
+ kill(pid, SIGCONT);
+ }
+ } while (WIFSTOPPED(status));
+ }
+
+ if (caught) {
+ fprintf(stderr, "\nSession terminated, killing shell...");
+ kill (child, SIGTERM);
+ }
+ retval = pam_close_session(pamh, 0);
+ PAM_BAIL_P;
+ retval = pam_end(pamh, PAM_SUCCESS);
+ PAM_BAIL_P;
+ if (caught) {
+ sleep(2);
+ kill(child, SIGKILL);
+ fprintf(stderr, " ...killed.\n");
+ exit(-1);
+ }
+ exit (WEXITSTATUS(status));
+#endif /* USE_PAM */
}
/* Return 1 if SHELL is a restricted shell (one not returned by
@@ -586,9 +771,13 @@
}
modify_environment (pw, shell);
+
+#ifdef USE_PAM
+ setfsuid(pw->pw_uid);
+ setfsgid(pw->pw_gid);
+#else
change_identity (pw);
- if (simulate_login && chdir (pw->pw_dir))
- error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+#endif
- run_shell (shell, command, additional_args);
+ run_shell (shell, command, additional_args, pw);
}
--- coreutils-5.2.0/configure.ac.pam 2004-02-23 17:40:54.000000000 +0000
+++ coreutils-5.2.0/configure.ac 2004-02-23 17:40:54.000000000 +0000
@@ -7,6 +7,13 @@
AM_INIT_AUTOMAKE([1.8 gnits dist-bzip2])
+dnl Give the chance to enable PAM
+AC_ARG_ENABLE(pam, dnl
+[ --enable-pam Enable use of the PAM libraries],
+[AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
+LIB_PAM="-ldl -lpam -lpam_misc"
+AC_SUBST(LIB_PAM)])
+
gl_DEFAULT_POSIX2_VERSION
gl_USE_SYSTEM_EXTENSIONS
jm_PERL
--- coreutils-5.2.0/config.hin.pam 2004-02-23 17:40:54.000000000 +0000
+++ coreutils-5.2.0/config.hin 2004-02-23 17:40:54.000000000 +0000
@@ -1365,6 +1365,9 @@
/* Define if you want access control list support. */
#undef USE_ACL
+/* Define if you want to use PAM */
+#undef USE_PAM
+
/* Version number of package */
#undef VERSION

3372
coreutils-selinux.patch
View File

File diff suppressed because it is too large Load Diff

149
coreutils.spec
View File

@ -3,8 +3,8 @@
%endif
Summary: The GNU core utilities: a set of tools commonly used in shell scripts
Name: coreutils
Version: 5.0
Release: 39
Version: 5.2.1
Release: 3
License: GPL
Group: System Environment/Base
Url: ftp://alpha.gnu.org/gnu/coreutils/
@ -12,73 +12,41 @@ Url: ftp://alpha.gnu.org/gnu/coreutils/
BuildRequires: libselinux-devel
%endif
Source0: ftp://prep.ai.mit.edu/pub/gnu/%name/%name-%version.tar.bz2
Source0: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.bz2
Source101: DIR_COLORS
Source102: DIR_COLORS.xterm
Source105: colorls.sh
Source106: colorls.csh
Source200: su.pamd
Source201: help2man
# fileutils
Patch101: fileutils-4.0-spacedir.patch
Patch102: fileutils-4.0s-sparc.patch
Patch103: coreutils-4.5.2-trunc.patch
Patch105: coreutils-4.5.2-C.patch
Patch107: fileutils-4.1.10-timestyle.patch
Patch108: fileutils-4.1.5-afs.patch
Patch111: coreutils-4.5.2-dumbterm.patch
Patch112: fileutils-4.0u-glibc22.patch
Patch114: fileutils-4.1-restorecolor.patch
Patch115: fileutils-4.1.1-FBoptions.patch
Patch1155: fileutils-4.1-force-option--override--interactive-option.patch
Patch116: fileutils-4.1-dircolors_c.patch
Patch117: fileutils-4.1-ls_c.patch
Patch118: fileutils-4.1-ls_h.patch
Patch153: fileutils-4.1.10-utmp.patch
Patch182: coreutils-4.5.3-acl.patch
Patch183: coreutils-4.5.3-aclcompile.patch
Patch188: coreutils-4.5.3-suidfail.patch
Patch189: coreutils-4.5.3-stoneage.patch
# textutils
Patch502: textutils-2.0.21-man.patch
Patch182: coreutils-acl.patch
# sh-utils
Patch702: sh-utils-2.0-utmp.patch
Patch703: sh-utils-2.0.11-dateman.patch
Patch704: sh-utils-1.16-paths.patch
# RMS will never accept the PAM patch because it removes his historical
# rant about Twenex and the wheel group, so we'll continue to maintain
# it here indefinitely.
Patch706: coreutils-4.5.2-pam.patch
Patch710: sh-utils-2.0-rfc822.patch
Patch711: coreutils-4.5.3-hname.patch
Patch712: coreutils-4.5.3-chdir.patch
Patch706: coreutils-pam.patch
Patch713: coreutils-4.5.3-langinfo.patch
Patch714: coreutils-4.5.3-printf-ll.patch
Patch715: coreutils-4.5.3-sysinfo.patch
Patch716: coreutils-4.5.3-nogetline.patch
# (sb) lin18nux/lsb compliance
Patch800: coreutils-4.5.3-i18n.patch
Patch800: coreutils-i18n.patch
# Think the test suite failure is a bug..
Patch900: coreutils-4.5.3-test-bugs.patch
Patch901: coreutils-4.5.3-signal.patch
Patch903: coreutils-4.5.3-manpage.patch
Patch904: coreutils-5.0-allow_old_options.patch
Patch905: coreutils-5.0-90563.patch
Patch906: coreutils-5.0-datealign.patch
Patch907: coreutils-largefile.patch
Patch908: coreutils-5.0-md5.patch
Patch909: coreutils-lsw.patch
Patch910: coreutils-lsw2.patch
Patch911: coreutils-nonerequired.patch
#SELINUX Patch
%if %{WITH_SELINUX}
Patch950: coreutils-selinux.patch
Patch951: coreutils-ls-stat.patch
%endif
BuildRoot: %_tmppath/%{name}-root
@ -106,64 +74,34 @@ the old GNU fileutils, sh-utils, and textutils packages.
%setup -q
# fileutils
%patch101 -p1 -b .space
%patch102 -p1 -b .sparc
%patch103 -p0 -b .trunc
%patch105 -p0 -b .Coption
%patch107 -p1 -b .timestyle
%patch108 -p1 -b .afs
%patch111 -p0 -b .dumbterm
%patch112 -p1 -b .glibc22
%patch114 -p1 -b .restore
%patch115 -p1 -b .FBopts
%patch1155 -p1
%patch116 -p1
%patch117 -p1
%patch118 -p1
%patch153 -p1
%patch182 -p1 -b .acl
%patch183 -p1 -b .aclcompile
%patch188 -p1 -b .suidfail
%patch189 -p1 -b .stoneage
# textutils
# patch in new ALL_LINGUAS
%patch502 -p1
# sh-utils
%patch702 -p1 -b .utmp
%patch703 -p1 -b .dateman
%patch704 -p1 -b .paths
%patch706 -p1 -b .pam
%patch710 -p1 -b .rfc822
%patch711 -p1 -b .hname
%patch712 -p1 -b .chdir
%patch713 -p1 -b .langinfo
%patch714 -p1 -b .printf-ll
%patch715 -p1 -b .sysinfo
%patch716 -p1 -b .nogetline
# li18nux/lsb
%patch800 -p1 -b .i18n
# Coreutils
%patch900 -p1 -b .test-bugs
%patch901 -p1 -b .signal
%patch903 -p1 -b .manpage
%patch904 -p1 -b .allow_old_options
%patch905 -p0 -b .90563
%patch906 -p1 -b .datealign
%patch907 -p1 -b .largefile
%patch908 -p1 -b .md5
%patch909 -p1 -b .lsw
%patch910 -p1 -b .lsw2
%patch911 -p1 -b .nonerequired
%if %{WITH_SELINUX}
#SELinux
%patch950 -p1 -b .selinux
%patch951 -p1 -b .ls-stat
%endif
# Don't run basic-1 test, since it breaks when run in the background
# (bug #102033).
perl -pi -e 's/basic-1//g' tests/stty/Makefile*
@ -171,14 +109,10 @@ perl -pi -e 's/basic-1//g' tests/stty/Makefile*
%build
%{expand:%%global optflags %{optflags} -D_GNU_SOURCE=1}
touch aclocal.m4 configure config.hin Makefile.in */Makefile.in */*/Makefile.in
cp %SOURCE201 man/help2man
chmod +x man/help2man
HELP2MAN=$(pwd)/man/help2man
export HELP2MAN
aclocal -I m4
autoconf --force
automake --copy --force
%configure --enable-largefile %{?!nopam:--enable-pam} \
%configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \
%if %{WITH_SELINUX}
--enable-selinux \
%endif
@ -233,14 +167,12 @@ install -c -m755 %SOURCE106 $RPM_BUILD_ROOT/etc/profile.d
install -m 4755 src/su $RPM_BUILD_ROOT/bin
# These come from util-linux and/or procps.
for i in hostname uptime ; do
for i in hostname uptime kill ; do
rm -f $RPM_BUILD_ROOT{%_bindir/$i,%_mandir/man1/${i}.1}
done
%{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
ln -sf test $RPM_BUILD_ROOT%_bindir/[
bzip2 -f9 old/*/C* || :
%find_lang %name
@ -293,6 +225,65 @@ fi
%_sbindir/chroot
%changelog
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 5.2.1-3
- If preserve fails, report as warning unless user requires preserve
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 5.2.1-2
- Make mv default to preserve on context
* Sat Mar 13 2004 Tim Waugh <twaugh@redhat.com> 5.2.1-1
- 5.2.1.
* Fri Mar 12 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-9
- Add '-Z' to 'ls --help' output (bug #118108).
* Fri Mar 5 2004 Tim Waugh <twaugh@redhat.com>
- Fix deref-args test case for rebuilding under SELinux (bug #117556).
* Wed Feb 25 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-8
- kill(1) offloaded to util-linux altogether.
* Tue Feb 24 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-7
- Ship the real '[', not a symlink.
* Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-6
- Apply Paul Eggert's chown patch (bug #116536).
- Merged chdir patch into pam patch where it belongs.
* Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-5
- Fixed i18n patch bug causing sort -M not to work (bug #116575).
* Sat Feb 21 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-4
- Reinstate kill binary, just not its man page (bug #116463).
* Sat Feb 21 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-3
- Updated ls-stat patch.
* Fri Feb 20 2004 Dan Walsh <dwalsh@redhat.com> 5.2.0-2
- fix chcon to ignore . and .. directories for recursing
* Fri Feb 20 2004 Tim Waugh <twaugh@redhat.com> 5.2.0-1
- Patch ls so that failed stat() is handled gracefully (Ulrich Drepper).
- 5.2.0.
* Thu Feb 19 2004 Tim Waugh <twaugh@redhat.com>
- More AFS patch tidying.
* Wed Feb 18 2004 Dan Walsh <dwalsh@redhat.com> 5.1.3-0.2
- fix chcon to handle -h qualifier properly, eliminate potential crash
* Wed Feb 18 2004 Tim Waugh <twaugh@redhat.com>
- Stop 'sort -g' leaking memory (i18n patch bug #115620).
- Don't ship kill, since util-linux already does.
- Tidy AFS patch.
* Mon Feb 16 2004 Tim Waugh <twaugh@redhat.com> 5.1.3-0.1
- 5.1.3.
- Patches ported forward or removed.
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> 5.0-40
- rebuilt
* Tue Jan 20 2004 Dan Walsh <dwalsh@redhat.com> 5.0-39
- Change /etc/pam.d/su to remove preservuser and add multiple

2
sources
View File

@ -1 +1 @@
94e5558ee2a65723d4840bfde2d323f0 coreutils-5.0.tar.bz2
172ee3c315af93d3385ddfbeb843c53f coreutils-5.2.1.tar.bz2