rpms
/
shadow-utils
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Rebase to version 4.11.1 (#2034038) 

- Fix release sources
- Add explicit subid requirement for subid-devel

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2022-01-26 09:29:37 +01:00
parent bfa562aaf2
commit 2b851f7e96
20 changed files with 276 additions and 4397 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

456
shadow-4.9-audit-update.patch → shadow-4.11.1-audit-update.patch
View File

File diff suppressed because it is too large Load Diff

22
shadow-4.11.1-null-tm.patch Normal file
View File

@ -0,0 +1,22 @@
diff -up shadow-4.11.1/src/chage.c.null-tm shadow-4.11.1/src/chage.c
diff -up shadow-4.11.1/src/lastlog.c.null-tm shadow-4.11.1/src/lastlog.c
--- shadow-4.11.1/src/lastlog.c.null-tm 2022-01-03 15:31:56.348555620 +0100
+++ shadow-4.11.1/src/lastlog.c 2022-01-03 15:38:41.262229024 +0100
@@ -151,9 +151,12 @@ static void print_one (/*@null@*/const s
ll_time = ll.ll_time;
tm = localtime (&ll_time);
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
- cp = ptime;
-
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+ cp = ptime;
+ }
if (ll.ll_time == (time_t) 0) {
cp = _("**Never logged in**\0");
}
diff -up shadow-4.11.1/src/passwd.c.null-tm shadow-4.11.1/src/passwd.c
diff -up shadow-4.11.1/src/usermod.c.null-tm shadow-4.11.1/src/usermod.c

16
shadow-4.9-redhat.patch → shadow-4.11.1-redhat.patch
View File

@ -1,7 +1,7 @@
diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
--- shadow-4.9/src/useradd.c.redhat 2021-07-22 23:55:35.000000000 +0200
+++ shadow-4.9/src/useradd.c 2021-08-02 11:45:11.942867250 +0200
@@ -104,7 +104,7 @@ FILE *shadow_logfd = NULL;
diff -up shadow-4.11.1/src/useradd.c.redhat shadow-4.11.1/src/useradd.c
--- shadow-4.11.1/src/useradd.c.redhat 2022-01-03 01:46:53.000000000 +0100
+++ shadow-4.11.1/src/useradd.c 2022-01-03 14:53:12.988484829 +0100
@@ -82,7 +82,7 @@ const char *Prog;
static gid_t def_group = 1000;
static const char *def_gname = "other";
static const char *def_home = "/home";
@ -9,8 +9,8 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
+static const char *def_shell = "/sbin/nologin";
static const char *def_template = SKEL_DIR;
static const char *def_create_mail_spool = "yes";
@@ -114,7 +114,7 @@ static const char *def_expire = "";
static const char *def_log_init = "yes";
@@ -93,7 +93,7 @@ static const char *def_expire = "";
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
static const char *user_name = "";
@ -19,7 +19,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
static uid_t user_id;
static gid_t user_gid;
static const char *user_comment = "";
@@ -1204,9 +1204,9 @@ static void process_flags (int argc, cha
@@ -1219,9 +1219,9 @@ static void process_flags (int argc, cha
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
@ -31,7 +31,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
switch (c) {
@@ -1363,6 +1363,7 @@ static void process_flags (int argc, cha
@@ -1378,6 +1378,7 @@ static void process_flags (int argc, cha
case 'M':
Mflg = true;
break;

245
shadow-4.9-getsubids.patch
View File

@ -1,245 +0,0 @@
diff -up shadow-4.9/man/getsubids.1.xml.getsubids shadow-4.9/man/getsubids.1.xml
--- shadow-4.9/man/getsubids.1.xml.getsubids 2021-11-18 16:27:33.951053120 +0100
+++ shadow-4.9/man/getsubids.1.xml 2021-11-18 16:27:33.951053120 +0100
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 2021 Iker Pedrosa
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!-- SHADOW-CONFIG-HERE -->
+]>
+
+<refentry id='getsubids.1'>
+ <refentryinfo>
+ <author>
+ <firstname>Iker</firstname>
+ <surname>Pedrosa</surname>
+ <contrib>Creation, 2021</contrib>
+ </author>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>getsubids</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>getsubids</refname>
+ <refpurpose>get the subordinate id ranges for a user</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>getsubids</command>
+ <arg choice='opt'>
+ <replaceable>options</replaceable>
+ </arg>
+ <arg choice='plain'>
+ <replaceable>USER</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <command>getsubids</command> command lists the subordinate user ID
+ ranges for a given user. The subordinate group IDs can be listed using
+ the <option>-g</option> option.
+ </para>
+ </refsect1>
+
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <para>
+ The options which apply to the <command>getsubids</command> command are:
+ </para>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term>
+ <option>-g</option>
+ </term>
+ <listitem>
+ <para>
+ List the subordinate group ID ranges.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='example'>
+ <title>EXAMPLE</title>
+ <para>
+ For example, to obtain the subordinate UIDs of the testuser:
+ </para>
+ <para>
+<programlisting>
+$ getsubids testuser
+0: testuser 100000 65536
+</programlisting>
+ </para>
+ <para>
+ This command output provides (in order from left to right) the list
+ index, username, UID range start, and number of UIDs in range.
+ </para>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ <citerefentry>
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+</refentry>
diff -up shadow-4.9/man/Makefile.am.getsubids shadow-4.9/man/Makefile.am
--- shadow-4.9/man/Makefile.am.getsubids 2021-07-22 23:55:35.000000000 +0200
+++ shadow-4.9/man/Makefile.am 2021-11-18 16:27:33.951053120 +0100
@@ -62,6 +62,7 @@ man_MANS += $(man_nopam)
endif
man_subids = \
+ man1/getsubids.1 \
man1/newgidmap.1 \
man1/newuidmap.1 \
man5/subgid.5 \
@@ -80,6 +81,7 @@ man_XMANS = \
expiry.1.xml \
faillog.5.xml \
faillog.8.xml \
+ getsubids.1.xml \
gpasswd.1.xml \
groupadd.8.xml \
groupdel.8.xml \
diff -up shadow-4.9/src/getsubids.c.getsubids shadow-4.9/src/getsubids.c
--- shadow-4.9/src/getsubids.c.getsubids 2021-11-18 16:27:33.951053120 +0100
+++ shadow-4.9/src/getsubids.c 2021-11-18 16:27:33.951053120 +0100
@@ -0,0 +1,46 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "subid.h"
+#include "prototypes.h"
+
+const char *Prog;
+FILE *shadow_logfd = NULL;
+
+void usage(void)
+{
+ fprintf(stderr, "Usage: %s [-g] user\n", Prog);
+ fprintf(stderr, " list subuid ranges for user\n");
+ fprintf(stderr, " pass -g to list subgid ranges\n");
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char *argv[])
+{
+ int i, count=0;
+ struct subid_range *ranges;
+ const char *owner;
+
+ Prog = Basename (argv[0]);
+ shadow_logfd = stderr;
+ if (argc < 2)
+ usage();
+ owner = argv[1];
+ if (argc == 3 && strcmp(argv[1], "-g") == 0) {
+ owner = argv[2];
+ count = get_subgid_ranges(owner, &ranges);
+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
+ usage();
+ } else {
+ count = get_subuid_ranges(owner, &ranges);
+ }
+ if (!ranges) {
+ fprintf(stderr, "Error fetching ranges\n");
+ exit(1);
+ }
+ for (i = 0; i < count; i++) {
+ printf("%d: %s %lu %lu\n", i, owner,
+ ranges[i].start, ranges[i].count);
+ }
+ return 0;
+}
diff -up shadow-4.9/src/list_subid_ranges.c.getsubids shadow-4.9/src/list_subid_ranges.c
diff -up shadow-4.9/src/Makefile.am.getsubids shadow-4.9/src/Makefile.am
--- shadow-4.9/src/Makefile.am.getsubids 2021-11-18 16:27:33.943053061 +0100
+++ shadow-4.9/src/Makefile.am 2021-11-18 16:28:03.647272392 +0100
@@ -157,8 +157,8 @@ if FCAPS
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
endif
-noinst_PROGRAMS += list_subid_ranges \
- get_subid_owners \
+bin_PROGRAMS += getsubids
+noinst_PROGRAMS += get_subid_owners \
new_subid_range \
free_subid_range \
check_subid_range
@@ -174,13 +174,13 @@ MISCLIBS = \
$(LIBCRYPT) \
$(LIBTCB)
-list_subid_ranges_LDADD = \
+getsubids_LDADD = \
$(top_builddir)/lib/libshadow.la \
$(top_builddir)/libmisc/libmisc.la \
$(top_builddir)/libsubid/libsubid.la \
$(MISCLIBS) -ldl
-list_subid_ranges_CPPFLAGS = \
+getsubids_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
-I$(top_srcdir)/libsubid

13
shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
View File

@ -1,13 +0,0 @@
diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c
--- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist 2021-11-19 09:21:36.997091941 +0100
+++ shadow-4.9/libmisc/prefix_flag.c 2021-11-19 09:22:19.001341010 +0100
@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
if(!passwd_db_file) {
return getpwent();
}
+ if (!fp_pwent) {
+ return NULL;
+ }
return fgetpwent(fp_pwent);
}
extern void prefix_endpwent()

60
shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
View File

@ -1,60 +0,0 @@
From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Sat, 14 Aug 2021 13:24:34 -0400
Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
use SHA_ROUNDS_DEFAULT.
Previously, the code fell through, calling shadow_random(-1, -1). This
ultimately set rounds = (unsigned long) -1, which ends up being a very
large number! This then got capped to SHA_ROUNDS_MAX later in the
function.
The new behavior matches BCRYPT_get_salt_rounds().
Bug: https://bugs.gentoo.org/808195
Fixes: https://github.com/shadow-maint/shadow/issues/393
---
libmisc/salt.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 91d528fd..30eefb9c 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
if ((-1 == min_rounds) && (-1 == max_rounds)) {
rounds = SHA_ROUNDS_DEFAULT;
}
+ else {
+ if (-1 == min_rounds) {
+ min_rounds = max_rounds;
+ }
- if (-1 == min_rounds) {
- min_rounds = max_rounds;
- }
+ if (-1 == max_rounds) {
+ max_rounds = min_rounds;
+ }
- if (-1 == max_rounds) {
- max_rounds = min_rounds;
- }
+ if (min_rounds > max_rounds) {
+ max_rounds = min_rounds;
+ }
- if (min_rounds > max_rounds) {
- max_rounds = min_rounds;
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
}
-
- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
} else if (0 == *prefered_rounds) {
rounds = SHA_ROUNDS_DEFAULT;
} else {
--
2.31.1

2497
shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch
View File

File diff suppressed because it is too large Load Diff

88
shadow-4.9-move-create-home.patch
View File

@ -1,88 +0,0 @@
From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 8 Oct 2021 13:09:59 +0200
Subject: [PATCH] useradd: create directories after the SELinux user
Create the home and mail folders after the SELinux user has been set for
the added user. This will allow the folders to be created with the
SELinux user label.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/useradd.c | 46 +++++++++++++++++++++++-----------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 6269c01c..b463a170 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2670,27 +2670,12 @@ int main (int argc, char **argv)
usr_update ();
- if (mflg) {
- create_home ();
- if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
- } else {
- fprintf (stderr,
- _("%s: warning: the home directory %s already exists.\n"
- "%s: Not copying any file from skel directory into it.\n"),
- Prog, user_home, Prog);
- }
-
- }
-
- /* Do not create mail directory for system accounts */
- if (!rflg) {
- create_mail ();
- }
-
close_files ();
+ nscd_flush_cache ("passwd");
+ nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+
/*
* tallylog_reset needs to be able to lookup
* a valid existing user name,
@@ -2716,15 +2701,30 @@ int main (int argc, char **argv)
}
#endif /* WITH_SELINUX */
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+ copy_tree (def_template, prefix_user_home, false, false,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
+ _("%s: warning: the home directory %s already exists.\n"
+ "%s: Not copying any file from skel directory into it.\n"),
+ Prog, user_home, Prog);
+ }
+
+ }
+
+ /* Do not create mail directory for system accounts */
+ if (!rflg) {
+ create_mail ();
+ }
+
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name,
"useradd")) {
exit(1);
}
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
-
return E_SUCCESS;
}
--
2.31.1

35
shadow-4.9-newgrp-fix-segmentation-fault.patch
View File

@ -1,35 +0,0 @@
From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Wed, 10 Nov 2021 12:02:04 +0100
Subject: [PATCH] newgrp: fix segmentation fault
Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
that is immediately freed.
The error was committed in
https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/newgrp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/newgrp.c b/src/newgrp.c
index 730f47e8..566f1c89 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp,
spwd = xgetspnam (pwd->pw_name);
if (NULL != spwd) {
pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
+ spw_free (spwd);
}
- spw_free (spwd);
if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
needspasswd = true;
--
2.31.1

15
shadow-4.9-newuidmap-libeconf-dependency.patch
View File

@ -1,15 +0,0 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index 7c1a3491..6cc873be 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)

70
shadow-4.9-null-tm.patch
View File

@ -1,70 +0,0 @@
Index: shadow-4.5/src/chage.c
===================================================================
--- shadow-4.5.orig/src/chage.c
+++ shadow-4.5/src/chage.c
@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
struct tm *tp;
tp = gmtime (&date);
+ if (tp == NULL) {
+ (void) snprintf (buf, maxsize, "(unknown)");
+ return;
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
#else
Index: shadow-4.5/src/lastlog.c
===================================================================
--- shadow-4.5.orig/src/lastlog.c
+++ shadow-4.5/src/lastlog.c
@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
ll_time = ll.ll_time;
tm = localtime (&ll_time);
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
#ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
- cp = ptime;
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+ cp = ptime;
#else
- cp = asctime (tm);
- cp[24] = '\0';
+ cp = asctime (tm);
+ cp[24] = '\0';
#endif
+ }
if (ll.ll_time == (time_t) 0) {
cp = _("**Never logged in**\0");
Index: shadow-4.5/src/passwd.c
===================================================================
--- shadow-4.5.orig/src/passwd.c
+++ shadow-4.5/src/passwd.c
@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
struct tm *tm;
tm = gmtime (&t);
+ if (tm == NULL) {
+ return "(unknown)";
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
#else /* !HAVE_STRFTIME */
Index: shadow-4.5/src/usermod.c
===================================================================
--- shadow-4.5.orig/src/usermod.c
+++ shadow-4.5/src/usermod.c
@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
} else {
time_t t = (time_t) date;
tp = gmtime (&t);
+ if (tp == NULL) {
+ strncpy (buf, "unknown", maxsize);
+ return;
+ }
#ifdef HAVE_STRFTIME
strftime (buf, maxsize, "%Y-%m-%d", tp);
#else

30
shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
View File

@ -1,30 +0,0 @@
From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 15 Nov 2021 12:40:15 +0100
Subject: [PATCH] pwck: fix segfault when calling fprintf()
As shadow_logfd variable is not set at the beginning of the program if
something fails and fprintf() is called a segmentation fault happens.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/pwck.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pwck.c b/src/pwck.c
index 4248944a..4ce86af2 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -857,6 +857,7 @@ int main (int argc, char **argv)
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
+ shadow_logfd = stderr;
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
--
2.31.1

507
shadow-4.9-rename-prog-to-shadow-progname.patch
View File

@ -1,507 +0,0 @@
diff -up shadow-4.9/lib/commonio.c.debug2 shadow-4.9/lib/commonio.c
--- shadow-4.9/lib/commonio.c.debug2 2022-01-10 10:57:47.535238522 +0100
+++ shadow-4.9/lib/commonio.c 2022-01-10 10:57:47.544238586 +0100
@@ -147,7 +147,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: %s: %s\n",
- Prog, file, strerror (errno));
+ shadow_progname, file, strerror (errno));
}
return 0;
}
@@ -159,7 +159,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: %s file write error: %s\n",
- Prog, file, strerror (errno));
+ shadow_progname, file, strerror (errno));
}
(void) close (fd);
unlink (file);
@@ -169,7 +169,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: %s file sync error: %s\n",
- Prog, file, strerror (errno));
+ shadow_progname, file, strerror (errno));
}
(void) close (fd);
unlink (file);
@@ -182,7 +182,7 @@ static int do_lock_file (const char *fil
if ((0==retval) && log) {
(void) fprintf (shadow_logfd,
"%s: %s: lock file already used\n",
- Prog, file);
+ shadow_progname, file);
}
unlink (file);
return retval;
@@ -193,7 +193,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: %s: %s\n",
- Prog, lock, strerror (errno));
+ shadow_progname, lock, strerror (errno));
}
unlink (file);
errno = EINVAL;
@@ -205,7 +205,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: existing lock file %s without a PID\n",
- Prog, lock);
+ shadow_progname, lock);
}
unlink (file);
errno = EINVAL;
@@ -216,7 +216,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: existing lock file %s with an invalid PID '%s'\n",
- Prog, lock, buf);
+ shadow_progname, lock, buf);
}
unlink (file);
errno = EINVAL;
@@ -226,7 +226,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: lock %s already used by PID %lu\n",
- Prog, lock, (unsigned long) pid);
+ shadow_progname, lock, (unsigned long) pid);
}
unlink (file);
errno = EEXIST;
@@ -236,7 +236,7 @@ static int do_lock_file (const char *fil
if (log) {
(void) fprintf (shadow_logfd,
"%s: cannot get lock %s: %s\n",
- Prog, lock, strerror (errno));
+ shadow_progname, lock, strerror (errno));
}
unlink (file);
return 0;
@@ -248,13 +248,13 @@ static int do_lock_file (const char *fil
if ((0==retval) && log) {
(void) fprintf (shadow_logfd,
"%s: %s: lock file already used\n",
- Prog, file);
+ shadow_progname, file);
}
} else {
if (log) {
(void) fprintf (shadow_logfd,
"%s: cannot get lock %s: %s\n",
- Prog, lock, strerror (errno));
+ shadow_progname, lock, strerror (errno));
}
}
@@ -449,7 +449,7 @@ int commonio_lock (struct commonio_db *d
if (geteuid () != 0) {
(void) fprintf (shadow_logfd,
"%s: Permission denied.\n",
- Prog);
+ shadow_progname);
}
return 0; /* failure */
}
@@ -484,7 +484,7 @@ int commonio_lock (struct commonio_db *d
/* no unnecessary retries on "permission denied" errors */
if (geteuid () != 0) {
(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
- Prog);
+ shadow_progname);
return 0;
}
}
diff -up shadow-4.9/lib/nscd.c.debug2 shadow-4.9/lib/nscd.c
--- shadow-4.9/lib/nscd.c.debug2 2022-01-10 10:57:47.537238536 +0100
+++ shadow-4.9/lib/nscd.c 2022-01-10 10:57:47.544238586 +0100
@@ -26,7 +26,7 @@ int nscd_flush_cache (const char *servic
if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
/* run_command writes its own more detailed message. */
- (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+ (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
return -1;
}
@@ -34,7 +34,7 @@ int nscd_flush_cache (const char *servic
if (!WIFEXITED (status)) {
(void) fprintf (shadow_logfd,
_("%s: nscd did not terminate normally (signal %d)\n"),
- Prog, WTERMSIG (status));
+ shadow_progname, WTERMSIG (status));
return -1;
} else if (code == E_CMD_NOTFOUND) {
/* nscd is not installed, or it is installed but uses an
@@ -45,8 +45,8 @@ int nscd_flush_cache (const char *servic
return 0;
} else if (code != 0) {
(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
- Prog, code);
- (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+ shadow_progname, code);
+ (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
return -1;
}
diff -up shadow-4.9/lib/selinux.c.debug2 shadow-4.9/lib/selinux.c
--- shadow-4.9/lib/selinux.c.debug2 2022-01-10 10:57:47.538238543 +0100
+++ shadow-4.9/lib/selinux.c 2022-01-10 10:57:47.544238586 +0100
@@ -216,7 +216,7 @@ int check_selinux_permit (const char *pe
if (getprevcon_raw (&user_context_raw) != 0) {
fprintf (shadow_logfd,
_("%s: can not get previous SELinux process context: %s\n"),
- Prog, strerror (errno));
+ shadow_progname, strerror (errno));
SYSLOG ((LOG_WARN,
"can not get previous SELinux process context: %s",
strerror (errno)));
diff -up shadow-4.9/lib/shadowlog.c.debug2 shadow-4.9/lib/shadowlog.c
--- shadow-4.9/lib/shadowlog.c.debug2 2022-01-10 10:57:47.538238543 +0100
+++ shadow-4.9/lib/shadowlog.c 2022-01-10 10:57:47.544238586 +0100
@@ -2,14 +2,17 @@
#include "lib/shadowlog_internal.h"
+const char *shadow_progname;
+FILE *shadow_logfd;
+
void log_set_progname(const char *progname)
{
- Prog = progname;
+ shadow_progname = progname;
}
const char *log_get_progname(void)
{
- return Prog;
+ return shadow_progname;
}
void log_set_logfd(FILE *fd)
diff -up shadow-4.9/lib/shadowlog_internal.h.debug2 shadow-4.9/lib/shadowlog_internal.h
--- shadow-4.9/lib/shadowlog_internal.h.debug2 2022-01-10 10:57:47.538238543 +0100
+++ shadow-4.9/lib/shadowlog_internal.h 2022-01-10 10:57:47.544238586 +0100
@@ -1,2 +1,2 @@
-const char *Prog; /* Program name showed in error messages */
-FILE *shadow_logfd; /* file descripter to which error messages are printed */
+extern const char *shadow_progname; /* Program name showed in error messages */
+extern FILE *shadow_logfd; /* file descripter to which error messages are printed */
diff -up shadow-4.9/lib/spawn.c.debug2 shadow-4.9/lib/spawn.c
--- shadow-4.9/lib/spawn.c.debug2 2022-01-10 10:57:47.538238543 +0100
+++ shadow-4.9/lib/spawn.c 2022-01-10 10:57:47.544238586 +0100
@@ -60,11 +60,11 @@ int run_command (const char *cmd, const
exit (E_CMD_NOTFOUND);
}
fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
- Prog, cmd, strerror (errno));
+ shadow_progname, cmd, strerror (errno));
exit (E_CMD_NOEXEC);
} else if ((pid_t)-1 == pid) {
fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
- Prog, cmd, strerror (errno));
+ shadow_progname, cmd, strerror (errno));
return -1;
}
@@ -77,7 +77,7 @@ int run_command (const char *cmd, const
if ((pid_t)-1 == wpid) {
fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n",
- Prog, *status, strerror (errno));
+ shadow_progname, *status, strerror (errno));
return -1;
}
diff -up shadow-4.9/lib/sssd.c.debug2 shadow-4.9/lib/sssd.c
--- shadow-4.9/lib/sssd.c.debug2 2022-01-10 10:57:47.538238543 +0100
+++ shadow-4.9/lib/sssd.c 2022-01-10 10:57:47.544238586 +0100
@@ -48,22 +48,22 @@ int sssd_flush_cache (int dbflags)
free(sss_cache_args);
if (rv != 0) {
/* run_command writes its own more detailed message. */
- SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
+ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname));
return -1;
}
code = WEXITSTATUS (status);
if (!WIFEXITED (status)) {
SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)",
- Prog, WTERMSIG (status)));
+ shadow_progname, WTERMSIG (status)));
return -1;
} else if (code == E_CMD_NOTFOUND) {
/* sss_cache is not installed, or it is installed but uses an
interpreter that is missing. Probably the former. */
return 0;
} else if (code != 0) {
- SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", Prog, code));
- SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
+ SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", shadow_progname, code));
+ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname));
return -1;
}
diff -up shadow-4.9/lib/tcbfuncs.c.debug2 shadow-4.9/lib/tcbfuncs.c
--- shadow-4.9/lib/tcbfuncs.c.debug2 2022-01-10 10:57:47.538238543 +0100
+++ shadow-4.9/lib/tcbfuncs.c 2022-01-10 10:59:01.228764507 +0100
@@ -74,7 +74,7 @@ shadowtcb_status shadowtcb_gain_priv (vo
* to exit soon.
*/
#define OUT_OF_MEMORY do { \
- fprintf (shadow_logfd, _("%s: out of memory\n"), Prog); \
+ fprintf (shadow_logfd, _("%s: out of memory\n"), shadow_progname); \
(void) fflush (shadow_logfd); \
} while (false)
@@ -120,7 +120,7 @@ static /*@null@*/ char *shadowtcb_path_r
if (lstat (path, &st) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot stat %s: %s\n"),
- Prog, path, strerror (errno));
+ shadow_progname, path, strerror (errno));
free (path);
return NULL;
}
@@ -136,7 +136,7 @@ static /*@null@*/ char *shadowtcb_path_r
if (!S_ISLNK (st.st_mode)) {
fprintf (shadow_logfd,
_("%s: %s is neither a directory, nor a symlink.\n"),
- Prog, path);
+ shadow_progname, path);
free (path);
return NULL;
}
@@ -144,7 +144,7 @@ static /*@null@*/ char *shadowtcb_path_r
if (-1 == ret) {
fprintf (shadow_logfd,
_("%s: Cannot read symbolic link %s: %s\n"),
- Prog, path, strerror (errno));
+ shadow_progname, path, strerror (errno));
free (path);
return NULL;
}
@@ -153,7 +153,7 @@ static /*@null@*/ char *shadowtcb_path_r
link[sizeof(link) - 1] = '\0';
fprintf (shadow_logfd,
_("%s: Suspiciously long symlink: %s\n"),
- Prog, link);
+ shadow_progname, link);
return NULL;
}
link[(size_t)ret] = '\0';
@@ -211,7 +211,7 @@ static shadowtcb_status mkdir_leading (c
if (stat (TCB_DIR, &st) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot stat %s: %s\n"),
- Prog, TCB_DIR, strerror (errno));
+ shadow_progname, TCB_DIR, strerror (errno));
goto out_free_path;
}
while ((ind = strchr (ptr, '/'))) {
@@ -223,19 +223,19 @@ static shadowtcb_status mkdir_leading (c
if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) {
fprintf (shadow_logfd,
_("%s: Cannot create directory %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
goto out_free_dir;
}
if (chown (dir, 0, st.st_gid) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change owner of %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
goto out_free_dir;
}
if (chmod (dir, 0711) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change mode of %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
goto out_free_dir;
}
free (dir);
@@ -265,7 +265,7 @@ static shadowtcb_status unlink_suffs (co
if ((unlink (tmp) != 0) && (errno != ENOENT)) {
fprintf (shadow_logfd,
_("%s: unlink: %s: %s\n"),
- Prog, tmp, strerror (errno));
+ shadow_progname, tmp, strerror (errno));
free (tmp);
return SHADOWTCB_FAILURE;
}
@@ -290,7 +290,7 @@ static shadowtcb_status rmdir_leading (c
if (errno != ENOTEMPTY) {
fprintf (shadow_logfd,
_("%s: Cannot remove directory %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
ret = SHADOWTCB_FAILURE;
}
free (dir);
@@ -319,7 +319,7 @@ static shadowtcb_status move_dir (const
if (stat (olddir, &oldmode) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot stat %s: %s\n"),
- Prog, olddir, strerror (errno));
+ shadow_progname, olddir, strerror (errno));
goto out_free;
}
old_uid = oldmode.st_uid;
@@ -346,7 +346,7 @@ static shadowtcb_status move_dir (const
if (rename (real_old_dir, real_new_dir) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot rename %s to %s: %s\n"),
- Prog, real_old_dir, real_new_dir, strerror (errno));
+ shadow_progname, real_old_dir, real_new_dir, strerror (errno));
goto out_free;
}
if (rmdir_leading (real_old_dir_rel) == SHADOWTCB_FAILURE) {
@@ -355,7 +355,7 @@ static shadowtcb_status move_dir (const
if ((unlink (olddir) != 0) && (errno != ENOENT)) {
fprintf (shadow_logfd,
_("%s: Cannot remove %s: %s\n"),
- Prog, olddir, strerror (errno));
+ shadow_progname, olddir, strerror (errno));
goto out_free;
}
if (asprintf (&newdir, TCB_DIR "/%s", user_newname) == -1) {
@@ -369,7 +369,7 @@ static shadowtcb_status move_dir (const
&& (symlink (real_new_dir_rel, newdir) != 0)) {
fprintf (shadow_logfd,
_("%s: Cannot create symbolic link %s: %s\n"),
- Prog, real_new_dir_rel, strerror (errno));
+ shadow_progname, real_new_dir_rel, strerror (errno));
goto out_free;
}
ret = SHADOWTCB_SUCCESS;
@@ -468,31 +468,31 @@ shadowtcb_status shadowtcb_move (/*@NULL
if (stat (tcbdir, &dirmode) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot stat %s: %s\n"),
- Prog, tcbdir, strerror (errno));
+ shadow_progname, tcbdir, strerror (errno));
goto out_free;
}
if (chown (tcbdir, 0, 0) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change owners of %s: %s\n"),
- Prog, tcbdir, strerror (errno));
+ shadow_progname, tcbdir, strerror (errno));
goto out_free;
}
if (chmod (tcbdir, 0700) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change mode of %s: %s\n"),
- Prog, tcbdir, strerror (errno));
+ shadow_progname, tcbdir, strerror (errno));
goto out_free;
}
if (lstat (shadow, &filemode) != 0) {
if (errno != ENOENT) {
fprintf (shadow_logfd,
_("%s: Cannot lstat %s: %s\n"),
- Prog, shadow, strerror (errno));
+ shadow_progname, shadow, strerror (errno));
goto out_free;
}
fprintf (shadow_logfd,
_("%s: Warning, user %s has no tcb shadow file.\n"),
- Prog, user_newname);
+ shadow_progname, user_newname);
} else {
if (!S_ISREG (filemode.st_mode) ||
filemode.st_nlink != 1) {
@@ -500,19 +500,19 @@ shadowtcb_status shadowtcb_move (/*@NULL
_("%s: Emergency: %s's tcb shadow is not a "
"regular file with st_nlink=1.\n"
"The account is left locked.\n"),
- Prog, user_newname);
+ shadow_progname, user_newname);
goto out_free;
}
if (chown (shadow, user_newid, filemode.st_gid) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change owner of %s: %s\n"),
- Prog, shadow, strerror (errno));
+ shadow_progname, shadow, strerror (errno));
goto out_free;
}
if (chmod (shadow, filemode.st_mode & 07777) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change mode of %s: %s\n"),
- Prog, shadow, strerror (errno));
+ shadow_progname, shadow, strerror (errno));
goto out_free;
}
}
@@ -522,7 +522,7 @@ shadowtcb_status shadowtcb_move (/*@NULL
if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change owner of %s: %s\n"),
- Prog, tcbdir, strerror (errno));
+ shadow_progname, tcbdir, strerror (errno));
goto out_free;
}
ret = SHADOWTCB_SUCCESS;
@@ -547,7 +547,7 @@ shadowtcb_status shadowtcb_create (const
if (stat (TCB_DIR, &tcbdir_stat) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot stat %s: %s\n"),
- Prog, TCB_DIR, strerror (errno));
+ shadow_progname, TCB_DIR, strerror (errno));
return SHADOWTCB_FAILURE;
}
shadowgid = tcbdir_stat.st_gid;
@@ -567,39 +567,39 @@ shadowtcb_status shadowtcb_create (const
if (mkdir (dir, 0700) != 0) {
fprintf (shadow_logfd,
_("%s: mkdir: %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
goto out_free;
}
fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600);
if (fd < 0) {
fprintf (shadow_logfd,
_("%s: Cannot open %s: %s\n"),
- Prog, shadow, strerror (errno));
+ shadow_progname, shadow, strerror (errno));
goto out_free;
}
close (fd);
if (chown (shadow, 0, authgid) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change owner of %s: %s\n"),
- Prog, shadow, strerror (errno));
+ shadow_progname, shadow, strerror (errno));
goto out_free;
}
if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change mode of %s: %s\n"),
- Prog, shadow, strerror (errno));
+ shadow_progname, shadow, strerror (errno));
goto out_free;
}
if (chown (dir, 0, authgid) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change owner of %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
goto out_free;
}
if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) {
fprintf (shadow_logfd,
_("%s: Cannot change mode of %s: %s\n"),
- Prog, dir, strerror (errno));
+ shadow_progname, dir, strerror (errno));
goto out_free;
}
if ( (shadowtcb_set_user (name) == SHADOWTCB_FAILURE)

30
shadow-4.9-revert-useradd-fix-memleak.patch
View File

@ -1,30 +0,0 @@
From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Sat, 14 Aug 2021 19:37:24 -0500
Subject: [PATCH] Revert "useradd.c:fix memleaks of grp"
In some cases, the value which was being freed is not actually
safe to free.
Closes #394
This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5.
---
src/useradd.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/useradd.c b/src/useradd.c
index f90127cd..0d3f390d 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -413,7 +413,6 @@ static void get_defaults (void)
} else {
def_group = grp->gr_gid;
def_gname = xstrdup (grp->gr_name);
- gr_free(grp);
}
}
--
2.31.1

61
shadow-4.9-semanage-close-the-selabel-handle.patch
View File

@ -1,61 +0,0 @@
From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 8 Oct 2021 13:13:13 +0200
Subject: [PATCH] semanage: close the selabel handle
Close the selabel handle to update the file_context. This means that the
file_context will be remmaped and used by selabel_lookup() to return
the appropriate context to label the home folder.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
lib/prototypes.h | 1 +
lib/selinux.c | 5 +++++
lib/semanage.c | 1 +
3 files changed, 7 insertions(+)
diff --git a/lib/prototypes.h b/lib/prototypes.h
index 1d1586d4..b697e0ec 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
/* selinux.c */
#ifdef WITH_SELINUX
extern int set_selinux_file_context (const char *dst_name, mode_t mode);
+extern void reset_selinux_handle (void);
extern int reset_selinux_file_context (void);
extern int check_selinux_permit (const char *perm_name);
#endif
diff --git a/lib/selinux.c b/lib/selinux.c
index c83545f9..b075d4c0 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -50,6 +50,11 @@ static void cleanup(void)
}
}
+void reset_selinux_handle (void)
+{
+ cleanup();
+}
+
/*
* set_selinux_file_context - Set the security context before any file or
* directory creation.
diff --git a/lib/semanage.c b/lib/semanage.c
index 0d30456a..a5bf9218 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
}
ret = 0;
+ reset_selinux_handle();
done:
semanage_seuser_key_free (key);
--
2.31.1

39
shadow-4.9-shadow-progname-default-init.patch
View File

@ -1,39 +0,0 @@
diff -up shadow-4.9/lib/shadowlog.c.debug3 shadow-4.9/lib/shadowlog.c
--- shadow-4.9/lib/shadowlog.c.debug3 2022-01-10 11:16:31.636261531 +0100
+++ shadow-4.9/lib/shadowlog.c 2022-01-10 11:16:31.637261538 +0100
@@ -2,8 +2,8 @@
#include "lib/shadowlog_internal.h"
-const char *shadow_progname;
-FILE *shadow_logfd;
+const char *shadow_progname = "libshadow";
+FILE *shadow_logfd = NULL;
void log_set_progname(const char *progname)
{
diff -up shadow-4.9/libsubid/api.c.debug3 shadow-4.9/libsubid/api.c
--- shadow-4.9/libsubid/api.c.debug3 2022-01-10 11:16:31.637261538 +0100
+++ shadow-4.9/libsubid/api.c 2022-01-10 11:17:15.431574120 +0100
@@ -40,17 +40,16 @@
#include "subid.h"
#include "shadowlog.h"
-const char *Prog = "(libsubid)";
-
bool libsubid_init(const char *progname, FILE * logfd)
{
FILE *shadow_logfd;
if (progname) {
progname = strdup(progname);
- if (progname)
- Prog = progname;
- else
+ if (!progname)
return false;
+ log_set_progname(progname);
+ } else {
+ log_set_progname("(libsubid)");
}
if (logfd) {

79
shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
View File

@ -1,79 +0,0 @@
diff --git a/src/useradd.c b/src/useradd.c
index baeffb35..9abeea6e 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -142,9 +142,7 @@ static bool is_sub_gid = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
static uid_t sub_uid_start; /* New subordinate uid range */
-static unsigned long sub_uid_count;
static gid_t sub_gid_start; /* New subordinate gid range */
-static unsigned long sub_gid_count;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool gr_locked = false;
@@ -234,7 +232,7 @@ static void open_shadow (void);
static void faillog_reset (uid_t);
static void lastlog_reset (uid_t);
static void tallylog_reset (const char *);
-static void usr_update (void);
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
static void create_home (void);
static void create_mail (void);
static void check_uid_range(int rflg, uid_t user_id);
@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name)
* usr_update() creates the password file entries for this user
* and will update the group entries if required.
*/
-static void usr_update (void)
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
{
struct passwd pwent;
struct spwd spent;
@@ -2155,14 +2153,14 @@ static void usr_update (void)
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid &&
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
if (is_sub_gid &&
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
@@ -2624,16 +2622,16 @@ int main (int argc, char **argv)
}
#ifdef ENABLE_SUBIDS
- if (is_sub_uid && sub_uid_count != 0) {
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
+ if (is_sub_uid && subuid_count != 0) {
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate user IDs\n"),
Prog);
fail_exit(E_SUB_UID_UPDATE);
}
}
- if (is_sub_gid && sub_gid_count != 0) {
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
+ if (is_sub_gid && subgid_count != 0) {
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate group IDs\n"),
Prog);
@@ -2642,7 +2640,7 @@ int main (int argc, char **argv)
}
#endif /* ENABLE_SUBIDS */
- usr_update ();
+ usr_update (subuid_count, subgid_count);
close_files ();

13
shadow-4.9-useradd-copy-tree-argument.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/useradd.c b/src/useradd.c
index b463a170..f7c97958 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2704,7 +2704,7 @@ int main (int argc, char **argv)
if (mflg) {
create_home ();
if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
+ copy_tree (def_template, prefix_user_home, false, true,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,

322
shadow-4.9-usermod-allow-all-group-types.patch
View File

@ -1,322 +0,0 @@
From e481437ab9ebe9a8bf8fbaabe986d42b2f765991 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 3 Aug 2021 08:57:20 +0200
Subject: [PATCH] usermod: allow all group types with -G option
The only way of removing a group from the supplementary list is to use
-G option, and list all groups that the user is a member of except for
the one that wants to be removed. The problem lies when there's a user
that contains both local and remote groups, and the group to be removed
is a local one. As we need to include the remote group with -G option
the command will fail.
This reverts commit 140510de9de4771feb3af1d859c09604043a4c9b. This way,
it would be possible to remove the remote groups from the supplementary
list.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641
Resolves: https://github.com/shadow-maint/shadow/issues/338
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/usermod.c | 220 ++++++++++++++++++--------------------------------
1 file changed, 77 insertions(+), 143 deletions(-)
diff --git a/src/usermod.c b/src/usermod.c
index 03bb9b9d..a0c03afa 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -187,7 +187,6 @@ static bool sub_gid_locked = false;
static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize,
long int date);
static int get_groups (char *);
-static struct group * get_local_group (char * grp_name);
static /*@noreturn@*/void usage (int status);
static void new_pwent (struct passwd *);
static void new_spent (struct spwd *);
@@ -201,9 +200,7 @@ static void grp_update (void);
static void process_flags (int, char **);
static void close_files (void);
-static void close_group_files (void);
static void open_files (void);
-static void open_group_files (void);
static void usr_update (void);
static void move_home (void);
static void update_lastlog (void);
@@ -260,11 +257,6 @@ static int get_groups (char *list)
return 0;
}
- /*
- * Open the group files
- */
- open_group_files ();
-
/*
* So long as there is some data to be converted, strip off each
* name and look it up. A mix of numerical and string values for
@@ -284,7 +276,7 @@ static int get_groups (char *list)
* Names starting with digits are treated as numerical GID
* values, otherwise the string is looked up as is.
*/
- grp = get_local_group (list);
+ grp = prefix_getgr_nam_gid (list);
/*
* There must be a match, either by GID value or by
@@ -334,8 +326,6 @@ static int get_groups (char *list)
gr_free ((struct group *)grp);
} while (NULL != list);
- close_group_files ();
-
user_groups[ngroups] = (char *) 0;
/*
@@ -348,44 +338,6 @@ static int get_groups (char *list)
return 0;
}
-/*
- * get_local_group - checks if a given group name exists locally
- *
- * get_local_group() checks if a given group name exists locally.
- * If the name exists the group information is returned, otherwise NULL is
- * returned.
- */
-static struct group * get_local_group(char * grp_name)
-{
- const struct group *grp;
- struct group *result_grp = NULL;
- long long int gid;
- char *endptr;
-
- gid = strtoll (grp_name, &endptr, 10);
- if ( ('\0' != *grp_name)
- && ('\0' == *endptr)
- && (ERANGE != errno)
- && (gid == (gid_t)gid)) {
- grp = gr_locate_gid ((gid_t) gid);
- }
- else {
- grp = gr_locate(grp_name);
- }
-
- if (grp != NULL) {
- result_grp = __gr_dup (grp);
- if (NULL == result_grp) {
- fprintf (stderr,
- _("%s: Out of memory. Cannot find group '%s'.\n"),
- Prog, grp_name);
- fail_exit (E_GRP_UPDATE);
- }
- }
-
- return result_grp;
-}
-
#ifdef ENABLE_SUBIDS
struct ulong_range
{
@@ -1523,7 +1475,50 @@ static void close_files (void)
}
if (Gflg || lflg) {
- close_group_files ();
+ if (gr_close () == 0) {
+ fprintf (stderr,
+ _("%s: failure while writing changes to %s\n"),
+ Prog, gr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failure while writing changes to %s",
+ gr_dbname ()));
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef SHADOWGRP
+ if (is_shadow_grp) {
+ if (sgr_close () == 0) {
+ fprintf (stderr,
+ _("%s: failure while writing changes to %s\n"),
+ Prog, sgr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failure while writing changes to %s",
+ sgr_dbname ()));
+ fail_exit (E_GRP_UPDATE);
+ }
+ }
+#endif
+#ifdef SHADOWGRP
+ if (is_shadow_grp) {
+ if (sgr_unlock () == 0) {
+ fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, sgr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failed to unlock %s",
+ sgr_dbname ()));
+ /* continue */
+ }
+ }
+#endif
+ if (gr_unlock () == 0) {
+ fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, gr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failed to unlock %s",
+ gr_dbname ()));
+ /* continue */
+ }
}
if (is_shadow_pwd) {
@@ -1592,60 +1587,6 @@ static void close_files (void)
#endif
}
-/*
- * close_group_files - close all of the files that were opened
- *
- * close_group_files() closes all of the files that were opened related
- * with groups. This causes any modified entries to be written out.
- */
-static void close_group_files (void)
-{
- if (gr_close () == 0) {
- fprintf (stderr,
- _("%s: failure while writing changes to %s\n"),
- Prog, gr_dbname ());
- SYSLOG ((LOG_ERR,
- "failure while writing changes to %s",
- gr_dbname ()));
- fail_exit (E_GRP_UPDATE);
- }
-#ifdef SHADOWGRP
- if (is_shadow_grp) {
- if (sgr_close () == 0) {
- fprintf (stderr,
- _("%s: failure while writing changes to %s\n"),
- Prog, sgr_dbname ());
- SYSLOG ((LOG_ERR,
- "failure while writing changes to %s",
- sgr_dbname ()));
- fail_exit (E_GRP_UPDATE);
- }
- }
-#endif
-#ifdef SHADOWGRP
- if (is_shadow_grp) {
- if (sgr_unlock () == 0) {
- fprintf (stderr,
- _("%s: failed to unlock %s\n"),
- Prog, sgr_dbname ());
- SYSLOG ((LOG_ERR,
- "failed to unlock %s",
- sgr_dbname ()));
- /* continue */
- }
- }
-#endif
- if (gr_unlock () == 0) {
- fprintf (stderr,
- _("%s: failed to unlock %s\n"),
- Prog, gr_dbname ());
- SYSLOG ((LOG_ERR,
- "failed to unlock %s",
- gr_dbname ()));
- /* continue */
- }
-}
-
/*
* open_files - lock and open the password files
*
@@ -1681,7 +1622,38 @@ static void open_files (void)
}
if (Gflg || lflg) {
- open_group_files ();
+ /*
+ * Lock and open the group file. This will load all of the
+ * group entries.
+ */
+ if (gr_lock () == 0) {
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, gr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+ gr_locked = true;
+ if (gr_open (O_CREAT | O_RDWR) == 0) {
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, gr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef SHADOWGRP
+ if (is_shadow_grp && (sgr_lock () == 0)) {
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, sgr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+ sgr_locked = true;
+ if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, sgr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+#endif
}
#ifdef ENABLE_SUBIDS
if (vflg || Vflg) {
@@ -1717,44 +1689,6 @@ static void open_files (void)
#endif /* ENABLE_SUBIDS */
}
-/*
- * open_group_files - lock and open the group files
- *
- * open_group_files() loads all of the group entries.
- */
-static void open_group_files (void)
-{
- if (gr_lock () == 0) {
- fprintf (stderr,
- _("%s: cannot lock %s; try again later.\n"),
- Prog, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
- gr_locked = true;
- if (gr_open (O_CREAT | O_RDWR) == 0) {
- fprintf (stderr,
- _("%s: cannot open %s\n"),
- Prog, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-
-#ifdef SHADOWGRP
- if (is_shadow_grp && (sgr_lock () == 0)) {
- fprintf (stderr,
- _("%s: cannot lock %s; try again later.\n"),
- Prog, sgr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
- sgr_locked = true;
- if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
- fprintf (stderr,
- _("%s: cannot open %s\n"),
- Prog, sgr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-#endif
-}
-
/*
* usr_update - create the user entries
*
--
2.31.1

75
shadow-utils.spec
View File

@ -1,12 +1,12 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.9
Release: 10%{?dist}
Version: 4.11.1
Release: 1%{?dist}
Epoch: 2
License: BSD and GPLv2+
URL: https://github.com/shadow-maint/shadow
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt
@ -18,11 +18,9 @@ Source6: shadow-utils.HOME_MODE.xml
### Patches ###
# Misc small changes - most probably non-upstreamable
Patch0: shadow-4.9-redhat.patch
Patch0: shadow-4.11.1-redhat.patch
# Be more lenient with acceptable user/group names - non upstreamable
Patch1: shadow-4.8-goodname.patch
# https://github.com/shadow-maint/shadow/commit/09c752f00f9dfc610f66d68be38c9e5be8ca7f15
Patch2: shadow-4.9-move-create-home.patch
# SElinux related - upstreamability unknown
Patch3: shadow-4.9-default-range.patch
# Misc manual page changes - non-upstreamable
@ -32,50 +30,21 @@ Patch5: shadow-4.2.1-date-parsing.patch
# Additional error message - could be upstreamed
Patch6: shadow-4.6-move-home.patch
# Audit message changes - upstreamability unknown
Patch7: shadow-4.9-audit-update.patch
Patch7: shadow-4.11.1-audit-update.patch
# Changes related to password unlocking - could be upstreamed
Patch8: shadow-4.5-usermod-unlock.patch
# Additional SElinux related changes - upstreamability unknown
Patch9: shadow-4.8-selinux-perms.patch
# Handle NULL return from *time funcs - could be upstreamed
Patch10: shadow-4.9-null-tm.patch
# Handle NULL return from *time funcs - upstreamable
Patch10: shadow-4.11.1-null-tm.patch
# Handle /etc/passwd corruption - could be upstreamed
Patch11: shadow-4.8-long-entry.patch
# Limit uid/gid allocation to non-zero - could be upstreamed
Patch12: shadow-4.6-sysugid-min-limit.patch
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
Patch13: shadow-4.8-ignore-login-prompt.patch
# https://github.com/shadow-maint/shadow/commit/c6847011e8b656adacd9a0d2a78418cad0de34cb
Patch14: shadow-4.9-newuidmap-libeconf-dependency.patch
# https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991
Patch15: shadow-4.9-usermod-allow-all-group-types.patch
# https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62
Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
# https://github.com/shadow-maint/shadow/commit/234af5cf67fc1a3ba99fc246ba65869a3c416545
Patch18: shadow-4.9-semanage-close-the-selabel-handle.patch
# https://github.com/shadow-maint/shadow/commit/4624e9fca1b02b64e25e8b2280a0186182ab73ba
Patch19: shadow-4.9-revert-useradd-fix-memleak.patch
# https://github.com/shadow-maint/shadow/commit/06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2
Patch20: shadow-4.9-useradd-copy-tree-argument.patch
# https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f
Patch21: shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
# https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948
Patch22: shadow-4.9-newgrp-fix-segmentation-fault.patch
# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734
Patch23: shadow-4.9-getsubids.patch
# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
Patch24: shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
# https://github.com/shadow-maint/shadow/commit/79157cbad87f42cdc2068d72e798488572c68bb2
Patch25: shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch
# https://github.com/shadow-maint/shadow/commit/0e6fe5e728a45baff3977d73e81a27adb6ae30c6
Patch26: shadow-4.9-rename-prog-to-shadow-progname.patch
# https://github.com/shadow-maint/shadow/commit/2b0bdef6f9a18382e92b0fb6d893c4339123ffac
# https://github.com/shadow-maint/shadow/commit/9750fd681919ed558a9b044248a284d567cddf1a
Patch27: shadow-4.9-shadow-progname-default-init.patch
# https://github.com/shadow-maint/shadow/commit/e101219ad71de11da3fdd1b3ec2620fd1a97b92c
Patch28: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
### Dependencies ###
Requires: audit-libs >= 1.6.5
@ -129,6 +98,7 @@ Utility library that provides a way to manage subid ranges.
%package subid-devel
Summary: Development package for shadow-utils-subid
License: BSD and GPLv2+
Requires: shadow-utils-subid = %{version}-%{release}
%description subid-devel
Development files for shadow-utils-subid.
@ -137,7 +107,6 @@ Development files for shadow-utils-subid.
%setup -q -n shadow-%{version}
%patch0 -p1 -b .redhat
%patch1 -p1 -b .goodname
%patch2 -p1 -b .move-create-home
%patch3 -p1 -b .default-range
%patch4 -p1 -b .manfix
%patch5 -p1 -b .date-parsing
@ -149,21 +118,7 @@ Development files for shadow-utils-subid.
%patch11 -p1 -b .long-entry
%patch12 -p1 -b .sysugid-min-limit
%patch13 -p1 -b .login-prompt
%patch14 -p1 -b .newuidmap-libeconf-dependency
%patch15 -p1 -b .usermod-allow-all-group-types
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds
%patch18 -p1 -b .semanage-close-the-selabel-handle
%patch19 -p1 -b .revert-useradd-fix-memleak
%patch20 -p1 -b .useradd-copy-tree-argument
%patch21 -p1 -b .pwck-fix-segfault-when-calling-fprintf
%patch22 -p1 -b .newgrp-fix-segmentation-fault
%patch23 -p1 -b .getsubids
%patch24 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist
%patch25 -p1 -b .make-shadow-logfd-and-prog-not-extern
%patch26 -p1 -b .rename-prog-to-shadow-progname
%patch27 -p1 -b .shadow-progname-default-init
%patch28 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
%patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@ -275,8 +230,9 @@ echo $(ls)
mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
# Remove .la files created by libsubid
# Remove .la and .a files created by libsubid
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
%files -f shadow.lang
%doc NEWS doc/HOWTO README
@ -336,6 +292,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_libdir}/libsubid.so
%changelog
* Tue Jan 25 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-1
- Rebase to version 4.11.1 (#2034038)
- Fix release sources
- Add explicit subid requirement for subid-devel
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.9-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild