Compare commits
11 Commits
Author | SHA1 | Date |
---|---|---|
|
97547bc00a | |
|
71c99ba5b1 | |
|
5ba2bc90cc | |
|
a986f4a036 | |
|
2b851f7e96 | |
|
bfa562aaf2 | |
|
77cc4a7c14 | |
|
957f0eb09e | |
|
a2d5d3dbda | |
|
4a03ec740c | |
|
11164c2c0a |
|
@ -16,3 +16,5 @@ shadow-4.1.4.2.tar.bz2
|
||||||
/shadow-4.8.1.tar.xz.asc
|
/shadow-4.8.1.tar.xz.asc
|
||||||
/shadow-4.9.tar.xz
|
/shadow-4.9.tar.xz
|
||||||
/shadow-4.9.tar.xz.asc
|
/shadow-4.9.tar.xz.asc
|
||||||
|
/shadow-4.11.1.tar.xz
|
||||||
|
/shadow-4.11.1.tar.xz.asc
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,22 @@
|
||||||
|
diff -up shadow-4.11.1/src/chage.c.null-tm shadow-4.11.1/src/chage.c
|
||||||
|
diff -up shadow-4.11.1/src/lastlog.c.null-tm shadow-4.11.1/src/lastlog.c
|
||||||
|
--- shadow-4.11.1/src/lastlog.c.null-tm 2022-01-03 15:31:56.348555620 +0100
|
||||||
|
+++ shadow-4.11.1/src/lastlog.c 2022-01-03 15:38:41.262229024 +0100
|
||||||
|
@@ -151,9 +151,12 @@ static void print_one (/*@null@*/const s
|
||||||
|
|
||||||
|
ll_time = ll.ll_time;
|
||||||
|
tm = localtime (&ll_time);
|
||||||
|
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||||
|
- cp = ptime;
|
||||||
|
-
|
||||||
|
+ if (tm == NULL) {
|
||||||
|
+ cp = "(unknown)";
|
||||||
|
+ } else {
|
||||||
|
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||||
|
+ cp = ptime;
|
||||||
|
+ }
|
||||||
|
if (ll.ll_time == (time_t) 0) {
|
||||||
|
cp = _("**Never logged in**\0");
|
||||||
|
}
|
||||||
|
diff -up shadow-4.11.1/src/passwd.c.null-tm shadow-4.11.1/src/passwd.c
|
||||||
|
diff -up shadow-4.11.1/src/usermod.c.null-tm shadow-4.11.1/src/usermod.c
|
|
@ -1,7 +1,7 @@
|
||||||
diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
diff -up shadow-4.11.1/src/useradd.c.redhat shadow-4.11.1/src/useradd.c
|
||||||
--- shadow-4.9/src/useradd.c.redhat 2021-07-22 23:55:35.000000000 +0200
|
--- shadow-4.11.1/src/useradd.c.redhat 2022-01-03 01:46:53.000000000 +0100
|
||||||
+++ shadow-4.9/src/useradd.c 2021-08-02 11:45:11.942867250 +0200
|
+++ shadow-4.11.1/src/useradd.c 2022-01-03 14:53:12.988484829 +0100
|
||||||
@@ -104,7 +104,7 @@ FILE *shadow_logfd = NULL;
|
@@ -82,7 +82,7 @@ const char *Prog;
|
||||||
static gid_t def_group = 1000;
|
static gid_t def_group = 1000;
|
||||||
static const char *def_gname = "other";
|
static const char *def_gname = "other";
|
||||||
static const char *def_home = "/home";
|
static const char *def_home = "/home";
|
||||||
|
@ -9,8 +9,8 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||||
+static const char *def_shell = "/sbin/nologin";
|
+static const char *def_shell = "/sbin/nologin";
|
||||||
static const char *def_template = SKEL_DIR;
|
static const char *def_template = SKEL_DIR;
|
||||||
static const char *def_create_mail_spool = "yes";
|
static const char *def_create_mail_spool = "yes";
|
||||||
|
static const char *def_log_init = "yes";
|
||||||
@@ -114,7 +114,7 @@ static const char *def_expire = "";
|
@@ -93,7 +93,7 @@ static const char *def_expire = "";
|
||||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||||
|
|
||||||
static const char *user_name = "";
|
static const char *user_name = "";
|
||||||
|
@ -19,7 +19,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||||
static uid_t user_id;
|
static uid_t user_id;
|
||||||
static gid_t user_gid;
|
static gid_t user_gid;
|
||||||
static const char *user_comment = "";
|
static const char *user_comment = "";
|
||||||
@@ -1204,9 +1204,9 @@ static void process_flags (int argc, cha
|
@@ -1219,9 +1219,9 @@ static void process_flags (int argc, cha
|
||||||
};
|
};
|
||||||
while ((c = getopt_long (argc, argv,
|
while ((c = getopt_long (argc, argv,
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
|
@ -31,7 +31,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||||
#endif /* !WITH_SELINUX */
|
#endif /* !WITH_SELINUX */
|
||||||
long_options, NULL)) != -1) {
|
long_options, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
@@ -1363,6 +1363,7 @@ static void process_flags (int argc, cha
|
@@ -1378,6 +1378,7 @@ static void process_flags (int argc, cha
|
||||||
case 'M':
|
case 'M':
|
||||||
Mflg = true;
|
Mflg = true;
|
||||||
break;
|
break;
|
|
@ -0,0 +1,40 @@
|
||||||
|
From f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Date: Tue, 4 Jan 2022 13:06:00 +0100
|
||||||
|
Subject: [PATCH] useradd: modify check ID range for system users
|
||||||
|
|
||||||
|
useradd warns that a system user ID less than SYS_UID_MIN is outside the
|
||||||
|
expected range, even though that ID has been specifically selected with
|
||||||
|
the "-u" option.
|
||||||
|
|
||||||
|
In my opinion all the user ID's below SYS_UID_MAX are for the system,
|
||||||
|
thus I change the condition to take that into account.
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004911
|
||||||
|
|
||||||
|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
---
|
||||||
|
src/useradd.c | 6 ++----
|
||||||
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/useradd.c b/src/useradd.c
|
||||||
|
index 34376fa5..4c71c38a 100644
|
||||||
|
--- a/src/useradd.c
|
||||||
|
+++ b/src/useradd.c
|
||||||
|
@@ -2409,11 +2409,9 @@ static void check_uid_range(int rflg, uid_t user_id)
|
||||||
|
uid_t uid_min ;
|
||||||
|
uid_t uid_max ;
|
||||||
|
if (rflg) {
|
||||||
|
- uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL);
|
||||||
|
uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
|
||||||
|
- if (uid_min <= uid_max) {
|
||||||
|
- if (user_id < uid_min || user_id >uid_max)
|
||||||
|
- fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
||||||
|
+ if (user_id > uid_max) {
|
||||||
|
+ fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mike Gilbert <floppym@gentoo.org>
|
|
||||||
Date: Sat, 14 Aug 2021 13:24:34 -0400
|
|
||||||
Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
|
|
||||||
|
|
||||||
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
|
|
||||||
use SHA_ROUNDS_DEFAULT.
|
|
||||||
|
|
||||||
Previously, the code fell through, calling shadow_random(-1, -1). This
|
|
||||||
ultimately set rounds = (unsigned long) -1, which ends up being a very
|
|
||||||
large number! This then got capped to SHA_ROUNDS_MAX later in the
|
|
||||||
function.
|
|
||||||
|
|
||||||
The new behavior matches BCRYPT_get_salt_rounds().
|
|
||||||
|
|
||||||
Bug: https://bugs.gentoo.org/808195
|
|
||||||
Fixes: https://github.com/shadow-maint/shadow/issues/393
|
|
||||||
---
|
|
||||||
libmisc/salt.c | 21 +++++++++++----------
|
|
||||||
1 file changed, 11 insertions(+), 10 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libmisc/salt.c b/libmisc/salt.c
|
|
||||||
index 91d528fd..30eefb9c 100644
|
|
||||||
--- a/libmisc/salt.c
|
|
||||||
+++ b/libmisc/salt.c
|
|
||||||
@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
|
|
||||||
if ((-1 == min_rounds) && (-1 == max_rounds)) {
|
|
||||||
rounds = SHA_ROUNDS_DEFAULT;
|
|
||||||
}
|
|
||||||
+ else {
|
|
||||||
+ if (-1 == min_rounds) {
|
|
||||||
+ min_rounds = max_rounds;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if (-1 == min_rounds) {
|
|
||||||
- min_rounds = max_rounds;
|
|
||||||
- }
|
|
||||||
+ if (-1 == max_rounds) {
|
|
||||||
+ max_rounds = min_rounds;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if (-1 == max_rounds) {
|
|
||||||
- max_rounds = min_rounds;
|
|
||||||
- }
|
|
||||||
+ if (min_rounds > max_rounds) {
|
|
||||||
+ max_rounds = min_rounds;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if (min_rounds > max_rounds) {
|
|
||||||
- max_rounds = min_rounds;
|
|
||||||
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
|
|
||||||
} else if (0 == *prefered_rounds) {
|
|
||||||
rounds = SHA_ROUNDS_DEFAULT;
|
|
||||||
} else {
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
|
@ -1,64 +0,0 @@
|
||||||
diff --git a/src/useradd.c b/src/useradd.c
|
|
||||||
index baeffb35..02e1402c 100644
|
|
||||||
--- a/src/useradd.c
|
|
||||||
+++ b/src/useradd.c
|
|
||||||
@@ -2644,27 +2644,12 @@ int main (int argc, char **argv)
|
|
||||||
|
|
||||||
usr_update ();
|
|
||||||
|
|
||||||
- if (mflg) {
|
|
||||||
- create_home ();
|
|
||||||
- if (home_added) {
|
|
||||||
- copy_tree (def_template, prefix_user_home, false, false,
|
|
||||||
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
|
||||||
- } else {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: warning: the home directory %s already exists.\n"
|
|
||||||
- "%s: Not copying any file from skel directory into it.\n"),
|
|
||||||
- Prog, user_home, Prog);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* Do not create mail directory for system accounts */
|
|
||||||
- if (!rflg) {
|
|
||||||
- create_mail ();
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
close_files ();
|
|
||||||
|
|
||||||
+ nscd_flush_cache ("passwd");
|
|
||||||
+ nscd_flush_cache ("group");
|
|
||||||
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* tallylog_reset needs to be able to lookup
|
|
||||||
* a valid existing user name,
|
|
||||||
@@ -2695,9 +2680,24 @@ int main (int argc, char **argv)
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
- nscd_flush_cache ("passwd");
|
|
||||||
- nscd_flush_cache ("group");
|
|
||||||
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
|
||||||
+ if (mflg) {
|
|
||||||
+ create_home ();
|
|
||||||
+ if (home_added) {
|
|
||||||
+ copy_tree (def_template, prefix_user_home, false, true,
|
|
||||||
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
|
||||||
+ } else {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: warning: the home directory %s already exists.\n"
|
|
||||||
+ "%s: Not copying any file from skel directory into it.\n"),
|
|
||||||
+ Prog, user_home, Prog);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Do not create mail directory for system accounts */
|
|
||||||
+ if (!rflg) {
|
|
||||||
+ create_mail ();
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return E_SUCCESS;
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
||||||
index 7c1a3491..6cc873be 100644
|
|
||||||
--- a/src/Makefile.am
|
|
||||||
+++ b/src/Makefile.am
|
|
||||||
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
|
|
||||||
endif
|
|
||||||
|
|
||||||
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
|
||||||
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
|
|
||||||
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
|
|
||||||
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
|
|
||||||
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
|
|
||||||
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
|
||||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
|
||||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
From e101219ad71de11da3fdd1b3ec2620fd1a97b92c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Date: Mon, 10 Jan 2022 15:30:28 +0100
|
||||||
|
Subject: [PATCH] nss: get shadow_logfd with log_get_logfd()
|
||||||
|
|
||||||
|
If /etc/nsswitch.conf doesn't exist podman crashes because shadow_logfd
|
||||||
|
is NULL. In order to avoid that load the log file descriptor with the
|
||||||
|
log_get_logfd() helper function.
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2038811
|
||||||
|
|
||||||
|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
---
|
||||||
|
lib/nss.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/nss.c b/lib/nss.c
|
||||||
|
index 02742902..06fa48e5 100644
|
||||||
|
--- a/lib/nss.c
|
||||||
|
+++ b/lib/nss.c
|
||||||
|
@@ -9,6 +9,7 @@
|
||||||
|
#include "prototypes.h"
|
||||||
|
#include "../libsubid/subid.h"
|
||||||
|
#include "shadowlog_internal.h"
|
||||||
|
+#include "shadowlog.h"
|
||||||
|
|
||||||
|
#define NSSWITCH "/etc/nsswitch.conf"
|
||||||
|
|
||||||
|
@@ -42,6 +43,7 @@ void nss_init(const char *nsswitch_path) {
|
||||||
|
FILE *nssfp = NULL;
|
||||||
|
char *line = NULL, *p, *token, *saveptr;
|
||||||
|
size_t len = 0;
|
||||||
|
+ FILE *shadow_logfd = log_get_logfd();
|
||||||
|
|
||||||
|
if (atomic_flag_test_and_set(&nss_init_started)) {
|
||||||
|
// Another thread has started nss_init, wait for it to complete
|
||||||
|
@@ -57,7 +59,7 @@ void nss_init(const char *nsswitch_path) {
|
||||||
|
// subid: files
|
||||||
|
nssfp = fopen(nsswitch_path, "r");
|
||||||
|
if (!nssfp) {
|
||||||
|
- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path);
|
||||||
|
+ fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
|
||||||
|
atomic_store(&nss_init_completed, true);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
|
@ -1,70 +0,0 @@
|
||||||
Index: shadow-4.5/src/chage.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/chage.c
|
|
||||||
+++ shadow-4.5/src/chage.c
|
|
||||||
@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
|
|
||||||
struct tm *tp;
|
|
||||||
|
|
||||||
tp = gmtime (&date);
|
|
||||||
+ if (tp == NULL) {
|
|
||||||
+ (void) snprintf (buf, maxsize, "(unknown)");
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
#ifdef HAVE_STRFTIME
|
|
||||||
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
|
|
||||||
#else
|
|
||||||
Index: shadow-4.5/src/lastlog.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/lastlog.c
|
|
||||||
+++ shadow-4.5/src/lastlog.c
|
|
||||||
@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
|
|
||||||
|
|
||||||
ll_time = ll.ll_time;
|
|
||||||
tm = localtime (&ll_time);
|
|
||||||
+ if (tm == NULL) {
|
|
||||||
+ cp = "(unknown)";
|
|
||||||
+ } else {
|
|
||||||
#ifdef HAVE_STRFTIME
|
|
||||||
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
|
||||||
- cp = ptime;
|
|
||||||
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
|
||||||
+ cp = ptime;
|
|
||||||
#else
|
|
||||||
- cp = asctime (tm);
|
|
||||||
- cp[24] = '\0';
|
|
||||||
+ cp = asctime (tm);
|
|
||||||
+ cp[24] = '\0';
|
|
||||||
#endif
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (ll.ll_time == (time_t) 0) {
|
|
||||||
cp = _("**Never logged in**\0");
|
|
||||||
Index: shadow-4.5/src/passwd.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/passwd.c
|
|
||||||
+++ shadow-4.5/src/passwd.c
|
|
||||||
@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
|
|
||||||
struct tm *tm;
|
|
||||||
|
|
||||||
tm = gmtime (&t);
|
|
||||||
+ if (tm == NULL) {
|
|
||||||
+ return "(unknown)";
|
|
||||||
+ }
|
|
||||||
#ifdef HAVE_STRFTIME
|
|
||||||
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
|
|
||||||
#else /* !HAVE_STRFTIME */
|
|
||||||
Index: shadow-4.5/src/usermod.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/usermod.c
|
|
||||||
+++ shadow-4.5/src/usermod.c
|
|
||||||
@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
|
|
||||||
} else {
|
|
||||||
time_t t = (time_t) date;
|
|
||||||
tp = gmtime (&t);
|
|
||||||
+ if (tp == NULL) {
|
|
||||||
+ strncpy (buf, "unknown", maxsize);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
#ifdef HAVE_STRFTIME
|
|
||||||
strftime (buf, maxsize, "%Y-%m-%d", tp);
|
|
||||||
#else
|
|
|
@ -1,79 +0,0 @@
|
||||||
diff --git a/src/useradd.c b/src/useradd.c
|
|
||||||
index baeffb35..9abeea6e 100644
|
|
||||||
--- a/src/useradd.c
|
|
||||||
+++ b/src/useradd.c
|
|
||||||
@@ -142,9 +142,7 @@ static bool is_sub_gid = false;
|
|
||||||
static bool sub_uid_locked = false;
|
|
||||||
static bool sub_gid_locked = false;
|
|
||||||
static uid_t sub_uid_start; /* New subordinate uid range */
|
|
||||||
-static unsigned long sub_uid_count;
|
|
||||||
static gid_t sub_gid_start; /* New subordinate gid range */
|
|
||||||
-static unsigned long sub_gid_count;
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
static bool pw_locked = false;
|
|
||||||
static bool gr_locked = false;
|
|
||||||
@@ -234,7 +232,7 @@ static void open_shadow (void);
|
|
||||||
static void faillog_reset (uid_t);
|
|
||||||
static void lastlog_reset (uid_t);
|
|
||||||
static void tallylog_reset (const char *);
|
|
||||||
-static void usr_update (void);
|
|
||||||
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
|
|
||||||
static void create_home (void);
|
|
||||||
static void create_mail (void);
|
|
||||||
static void check_uid_range(int rflg, uid_t user_id);
|
|
||||||
@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name)
|
|
||||||
* usr_update() creates the password file entries for this user
|
|
||||||
* and will update the group entries if required.
|
|
||||||
*/
|
|
||||||
-static void usr_update (void)
|
|
||||||
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
|
|
||||||
{
|
|
||||||
struct passwd pwent;
|
|
||||||
struct spwd spent;
|
|
||||||
@@ -2155,14 +2153,14 @@ static void usr_update (void)
|
|
||||||
}
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
if (is_sub_uid &&
|
|
||||||
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
|
|
||||||
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to prepare the new %s entry\n"),
|
|
||||||
Prog, sub_uid_dbname ());
|
|
||||||
fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
}
|
|
||||||
if (is_sub_gid &&
|
|
||||||
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
|
|
||||||
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to prepare the new %s entry\n"),
|
|
||||||
Prog, sub_uid_dbname ());
|
|
||||||
@@ -2624,16 +2622,16 @@ int main (int argc, char **argv)
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
- if (is_sub_uid && sub_uid_count != 0) {
|
|
||||||
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
|
|
||||||
+ if (is_sub_uid && subuid_count != 0) {
|
|
||||||
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: can't create subordinate user IDs\n"),
|
|
||||||
Prog);
|
|
||||||
fail_exit(E_SUB_UID_UPDATE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- if (is_sub_gid && sub_gid_count != 0) {
|
|
||||||
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
|
|
||||||
+ if (is_sub_gid && subgid_count != 0) {
|
|
||||||
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: can't create subordinate group IDs\n"),
|
|
||||||
Prog);
|
|
||||||
@@ -2642,7 +2640,7 @@ int main (int argc, char **argv)
|
|
||||||
}
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
|
|
||||||
- usr_update ();
|
|
||||||
+ usr_update (subuid_count, subgid_count);
|
|
||||||
|
|
||||||
close_files ();
|
|
||||||
|
|
|
@ -1,322 +0,0 @@
|
||||||
From e481437ab9ebe9a8bf8fbaabe986d42b2f765991 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
|
||||||
Date: Tue, 3 Aug 2021 08:57:20 +0200
|
|
||||||
Subject: [PATCH] usermod: allow all group types with -G option
|
|
||||||
|
|
||||||
The only way of removing a group from the supplementary list is to use
|
|
||||||
-G option, and list all groups that the user is a member of except for
|
|
||||||
the one that wants to be removed. The problem lies when there's a user
|
|
||||||
that contains both local and remote groups, and the group to be removed
|
|
||||||
is a local one. As we need to include the remote group with -G option
|
|
||||||
the command will fail.
|
|
||||||
|
|
||||||
This reverts commit 140510de9de4771feb3af1d859c09604043a4c9b. This way,
|
|
||||||
it would be possible to remove the remote groups from the supplementary
|
|
||||||
list.
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641
|
|
||||||
Resolves: https://github.com/shadow-maint/shadow/issues/338
|
|
||||||
|
|
||||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
|
||||||
---
|
|
||||||
src/usermod.c | 220 ++++++++++++++++++--------------------------------
|
|
||||||
1 file changed, 77 insertions(+), 143 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/usermod.c b/src/usermod.c
|
|
||||||
index 03bb9b9d..a0c03afa 100644
|
|
||||||
--- a/src/usermod.c
|
|
||||||
+++ b/src/usermod.c
|
|
||||||
@@ -187,7 +187,6 @@ static bool sub_gid_locked = false;
|
|
||||||
static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize,
|
|
||||||
long int date);
|
|
||||||
static int get_groups (char *);
|
|
||||||
-static struct group * get_local_group (char * grp_name);
|
|
||||||
static /*@noreturn@*/void usage (int status);
|
|
||||||
static void new_pwent (struct passwd *);
|
|
||||||
static void new_spent (struct spwd *);
|
|
||||||
@@ -201,9 +200,7 @@ static void grp_update (void);
|
|
||||||
|
|
||||||
static void process_flags (int, char **);
|
|
||||||
static void close_files (void);
|
|
||||||
-static void close_group_files (void);
|
|
||||||
static void open_files (void);
|
|
||||||
-static void open_group_files (void);
|
|
||||||
static void usr_update (void);
|
|
||||||
static void move_home (void);
|
|
||||||
static void update_lastlog (void);
|
|
||||||
@@ -260,11 +257,6 @@ static int get_groups (char *list)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * Open the group files
|
|
||||||
- */
|
|
||||||
- open_group_files ();
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* So long as there is some data to be converted, strip off each
|
|
||||||
* name and look it up. A mix of numerical and string values for
|
|
||||||
@@ -284,7 +276,7 @@ static int get_groups (char *list)
|
|
||||||
* Names starting with digits are treated as numerical GID
|
|
||||||
* values, otherwise the string is looked up as is.
|
|
||||||
*/
|
|
||||||
- grp = get_local_group (list);
|
|
||||||
+ grp = prefix_getgr_nam_gid (list);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* There must be a match, either by GID value or by
|
|
||||||
@@ -334,8 +326,6 @@ static int get_groups (char *list)
|
|
||||||
gr_free ((struct group *)grp);
|
|
||||||
} while (NULL != list);
|
|
||||||
|
|
||||||
- close_group_files ();
|
|
||||||
-
|
|
||||||
user_groups[ngroups] = (char *) 0;
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -348,44 +338,6 @@ static int get_groups (char *list)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * get_local_group - checks if a given group name exists locally
|
|
||||||
- *
|
|
||||||
- * get_local_group() checks if a given group name exists locally.
|
|
||||||
- * If the name exists the group information is returned, otherwise NULL is
|
|
||||||
- * returned.
|
|
||||||
- */
|
|
||||||
-static struct group * get_local_group(char * grp_name)
|
|
||||||
-{
|
|
||||||
- const struct group *grp;
|
|
||||||
- struct group *result_grp = NULL;
|
|
||||||
- long long int gid;
|
|
||||||
- char *endptr;
|
|
||||||
-
|
|
||||||
- gid = strtoll (grp_name, &endptr, 10);
|
|
||||||
- if ( ('\0' != *grp_name)
|
|
||||||
- && ('\0' == *endptr)
|
|
||||||
- && (ERANGE != errno)
|
|
||||||
- && (gid == (gid_t)gid)) {
|
|
||||||
- grp = gr_locate_gid ((gid_t) gid);
|
|
||||||
- }
|
|
||||||
- else {
|
|
||||||
- grp = gr_locate(grp_name);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (grp != NULL) {
|
|
||||||
- result_grp = __gr_dup (grp);
|
|
||||||
- if (NULL == result_grp) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: Out of memory. Cannot find group '%s'.\n"),
|
|
||||||
- Prog, grp_name);
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- return result_grp;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
struct ulong_range
|
|
||||||
{
|
|
||||||
@@ -1523,7 +1475,50 @@ static void close_files (void)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (Gflg || lflg) {
|
|
||||||
- close_group_files ();
|
|
||||||
+ if (gr_close () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failure while writing changes to %s\n"),
|
|
||||||
+ Prog, gr_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR,
|
|
||||||
+ "failure while writing changes to %s",
|
|
||||||
+ gr_dbname ()));
|
|
||||||
+ fail_exit (E_GRP_UPDATE);
|
|
||||||
+ }
|
|
||||||
+#ifdef SHADOWGRP
|
|
||||||
+ if (is_shadow_grp) {
|
|
||||||
+ if (sgr_close () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failure while writing changes to %s\n"),
|
|
||||||
+ Prog, sgr_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR,
|
|
||||||
+ "failure while writing changes to %s",
|
|
||||||
+ sgr_dbname ()));
|
|
||||||
+ fail_exit (E_GRP_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+#ifdef SHADOWGRP
|
|
||||||
+ if (is_shadow_grp) {
|
|
||||||
+ if (sgr_unlock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to unlock %s\n"),
|
|
||||||
+ Prog, sgr_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR,
|
|
||||||
+ "failed to unlock %s",
|
|
||||||
+ sgr_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ if (gr_unlock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to unlock %s\n"),
|
|
||||||
+ Prog, gr_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR,
|
|
||||||
+ "failed to unlock %s",
|
|
||||||
+ gr_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_shadow_pwd) {
|
|
||||||
@@ -1592,60 +1587,6 @@ static void close_files (void)
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * close_group_files - close all of the files that were opened
|
|
||||||
- *
|
|
||||||
- * close_group_files() closes all of the files that were opened related
|
|
||||||
- * with groups. This causes any modified entries to be written out.
|
|
||||||
- */
|
|
||||||
-static void close_group_files (void)
|
|
||||||
-{
|
|
||||||
- if (gr_close () == 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: failure while writing changes to %s\n"),
|
|
||||||
- Prog, gr_dbname ());
|
|
||||||
- SYSLOG ((LOG_ERR,
|
|
||||||
- "failure while writing changes to %s",
|
|
||||||
- gr_dbname ()));
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
-#ifdef SHADOWGRP
|
|
||||||
- if (is_shadow_grp) {
|
|
||||||
- if (sgr_close () == 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: failure while writing changes to %s\n"),
|
|
||||||
- Prog, sgr_dbname ());
|
|
||||||
- SYSLOG ((LOG_ERR,
|
|
||||||
- "failure while writing changes to %s",
|
|
||||||
- sgr_dbname ()));
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-#ifdef SHADOWGRP
|
|
||||||
- if (is_shadow_grp) {
|
|
||||||
- if (sgr_unlock () == 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: failed to unlock %s\n"),
|
|
||||||
- Prog, sgr_dbname ());
|
|
||||||
- SYSLOG ((LOG_ERR,
|
|
||||||
- "failed to unlock %s",
|
|
||||||
- sgr_dbname ()));
|
|
||||||
- /* continue */
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
- if (gr_unlock () == 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: failed to unlock %s\n"),
|
|
||||||
- Prog, gr_dbname ());
|
|
||||||
- SYSLOG ((LOG_ERR,
|
|
||||||
- "failed to unlock %s",
|
|
||||||
- gr_dbname ()));
|
|
||||||
- /* continue */
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* open_files - lock and open the password files
|
|
||||||
*
|
|
||||||
@@ -1681,7 +1622,38 @@ static void open_files (void)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (Gflg || lflg) {
|
|
||||||
- open_group_files ();
|
|
||||||
+ /*
|
|
||||||
+ * Lock and open the group file. This will load all of the
|
|
||||||
+ * group entries.
|
|
||||||
+ */
|
|
||||||
+ if (gr_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, gr_dbname ());
|
|
||||||
+ fail_exit (E_GRP_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ gr_locked = true;
|
|
||||||
+ if (gr_open (O_CREAT | O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, gr_dbname ());
|
|
||||||
+ fail_exit (E_GRP_UPDATE);
|
|
||||||
+ }
|
|
||||||
+#ifdef SHADOWGRP
|
|
||||||
+ if (is_shadow_grp && (sgr_lock () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sgr_dbname ());
|
|
||||||
+ fail_exit (E_GRP_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sgr_locked = true;
|
|
||||||
+ if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sgr_dbname ());
|
|
||||||
+ fail_exit (E_GRP_UPDATE);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
if (vflg || Vflg) {
|
|
||||||
@@ -1717,44 +1689,6 @@ static void open_files (void)
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
}
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * open_group_files - lock and open the group files
|
|
||||||
- *
|
|
||||||
- * open_group_files() loads all of the group entries.
|
|
||||||
- */
|
|
||||||
-static void open_group_files (void)
|
|
||||||
-{
|
|
||||||
- if (gr_lock () == 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
- Prog, gr_dbname ());
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
- gr_locked = true;
|
|
||||||
- if (gr_open (O_CREAT | O_RDWR) == 0) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: cannot open %s\n"),
|
|
||||||
- Prog, gr_dbname ());
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
-#ifdef SHADOWGRP
|
|
||||||
- if (is_shadow_grp && (sgr_lock () == 0)) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
- Prog, sgr_dbname ());
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
- sgr_locked = true;
|
|
||||||
- if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: cannot open %s\n"),
|
|
||||||
- Prog, sgr_dbname ());
|
|
||||||
- fail_exit (E_GRP_UPDATE);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* usr_update - create the user entries
|
|
||||||
*
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.9
|
Version: 4.11.1
|
||||||
Release: 4%{?dist}
|
Release: 4%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
URL: https://github.com/shadow-maint/shadow
|
URL: https://github.com/shadow-maint/shadow
|
||||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
|
||||||
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
|
||||||
Source2: shadow-utils.useradd
|
Source2: shadow-utils.useradd
|
||||||
Source3: shadow-utils.login.defs
|
Source3: shadow-utils.login.defs
|
||||||
Source4: shadow-bsd.txt
|
Source4: shadow-bsd.txt
|
||||||
|
@ -18,11 +18,9 @@ Source6: shadow-utils.HOME_MODE.xml
|
||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
# Misc small changes - most probably non-upstreamable
|
# Misc small changes - most probably non-upstreamable
|
||||||
Patch0: shadow-4.9-redhat.patch
|
Patch0: shadow-4.11.1-redhat.patch
|
||||||
# Be more lenient with acceptable user/group names - non upstreamable
|
# Be more lenient with acceptable user/group names - non upstreamable
|
||||||
Patch1: shadow-4.8-goodname.patch
|
Patch1: shadow-4.8-goodname.patch
|
||||||
# Move create home to the end of main - upstreamability unknown
|
|
||||||
Patch2: shadow-4.9-move-create-home.patch
|
|
||||||
# SElinux related - upstreamability unknown
|
# SElinux related - upstreamability unknown
|
||||||
Patch3: shadow-4.9-default-range.patch
|
Patch3: shadow-4.9-default-range.patch
|
||||||
# Misc manual page changes - non-upstreamable
|
# Misc manual page changes - non-upstreamable
|
||||||
|
@ -32,27 +30,23 @@ Patch5: shadow-4.2.1-date-parsing.patch
|
||||||
# Additional error message - could be upstreamed
|
# Additional error message - could be upstreamed
|
||||||
Patch6: shadow-4.6-move-home.patch
|
Patch6: shadow-4.6-move-home.patch
|
||||||
# Audit message changes - upstreamability unknown
|
# Audit message changes - upstreamability unknown
|
||||||
Patch7: shadow-4.9-audit-update.patch
|
Patch7: shadow-4.11.1-audit-update.patch
|
||||||
# Changes related to password unlocking - could be upstreamed
|
# Changes related to password unlocking - could be upstreamed
|
||||||
Patch8: shadow-4.5-usermod-unlock.patch
|
Patch8: shadow-4.5-usermod-unlock.patch
|
||||||
# Additional SElinux related changes - upstreamability unknown
|
# Additional SElinux related changes - upstreamability unknown
|
||||||
Patch9: shadow-4.8-selinux-perms.patch
|
Patch9: shadow-4.8-selinux-perms.patch
|
||||||
# Handle NULL return from *time funcs - could be upstreamed
|
# Handle NULL return from *time funcs - upstreamable
|
||||||
Patch10: shadow-4.9-null-tm.patch
|
Patch10: shadow-4.11.1-null-tm.patch
|
||||||
# Handle /etc/passwd corruption - could be upstreamed
|
# Handle /etc/passwd corruption - could be upstreamed
|
||||||
Patch11: shadow-4.8-long-entry.patch
|
Patch11: shadow-4.8-long-entry.patch
|
||||||
# Limit uid/gid allocation to non-zero - could be upstreamed
|
# Limit uid/gid allocation to non-zero - could be upstreamed
|
||||||
Patch12: shadow-4.6-sysugid-min-limit.patch
|
Patch12: shadow-4.6-sysugid-min-limit.patch
|
||||||
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
|
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
|
||||||
Patch13: shadow-4.8-ignore-login-prompt.patch
|
Patch13: shadow-4.8-ignore-login-prompt.patch
|
||||||
# https://github.com/shadow-maint/shadow/commit/c6847011e8b656adacd9a0d2a78418cad0de34cb
|
# https://github.com/shadow-maint/shadow/commit/e101219ad71de11da3fdd1b3ec2620fd1a97b92c
|
||||||
Patch14: shadow-4.9-newuidmap-libeconf-dependency.patch
|
Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
|
||||||
# https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991
|
# https://github.com/shadow-maint/shadow/commit/f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92
|
||||||
Patch15: shadow-4.9-usermod-allow-all-group-types.patch
|
Patch15: shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch
|
||||||
# https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249
|
|
||||||
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
|
|
||||||
# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62
|
|
||||||
Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
|
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
Requires: audit-libs >= 1.6.5
|
Requires: audit-libs >= 1.6.5
|
||||||
|
@ -106,6 +100,7 @@ Utility library that provides a way to manage subid ranges.
|
||||||
%package subid-devel
|
%package subid-devel
|
||||||
Summary: Development package for shadow-utils-subid
|
Summary: Development package for shadow-utils-subid
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
|
Requires: shadow-utils-subid = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description subid-devel
|
%description subid-devel
|
||||||
Development files for shadow-utils-subid.
|
Development files for shadow-utils-subid.
|
||||||
|
@ -114,7 +109,6 @@ Development files for shadow-utils-subid.
|
||||||
%setup -q -n shadow-%{version}
|
%setup -q -n shadow-%{version}
|
||||||
%patch0 -p1 -b .redhat
|
%patch0 -p1 -b .redhat
|
||||||
%patch1 -p1 -b .goodname
|
%patch1 -p1 -b .goodname
|
||||||
%patch2 -p1 -b .move-create-home
|
|
||||||
%patch3 -p1 -b .default-range
|
%patch3 -p1 -b .default-range
|
||||||
%patch4 -p1 -b .manfix
|
%patch4 -p1 -b .manfix
|
||||||
%patch5 -p1 -b .date-parsing
|
%patch5 -p1 -b .date-parsing
|
||||||
|
@ -126,10 +120,8 @@ Development files for shadow-utils-subid.
|
||||||
%patch11 -p1 -b .long-entry
|
%patch11 -p1 -b .long-entry
|
||||||
%patch12 -p1 -b .sysugid-min-limit
|
%patch12 -p1 -b .sysugid-min-limit
|
||||||
%patch13 -p1 -b .login-prompt
|
%patch13 -p1 -b .login-prompt
|
||||||
%patch14 -p1 -b .newuidmap-libeconf-dependency
|
%patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
|
||||||
%patch15 -p1 -b .usermod-allow-all-group-types
|
%patch15 -p1 -b .useradd-modify-check-ID-range-for-system-users
|
||||||
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
|
|
||||||
%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds
|
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
@ -241,8 +233,9 @@ echo $(ls)
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
|
mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
|
||||||
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
|
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
|
||||||
|
|
||||||
# Remove .la files created by libsubid
|
# Remove .la and .a files created by libsubid
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
|
||||||
|
|
||||||
%files -f shadow.lang
|
%files -f shadow.lang
|
||||||
%doc NEWS doc/HOWTO README
|
%doc NEWS doc/HOWTO README
|
||||||
|
@ -294,12 +287,53 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||||
|
|
||||||
%files subid
|
%files subid
|
||||||
%{_libdir}/libsubid.so.*
|
%{_libdir}/libsubid.so.*
|
||||||
|
%{_bindir}/getsubids
|
||||||
|
%{_mandir}/man1/getsubids.1*
|
||||||
|
|
||||||
%files subid-devel
|
%files subid-devel
|
||||||
%{includesubiddir}/subid.h
|
%{includesubiddir}/subid.h
|
||||||
%{_libdir}/libsubid.so
|
%{_libdir}/libsubid.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 1 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-4
|
||||||
|
- useradd: modify check ID range for system users. Resolves: #2093692
|
||||||
|
|
||||||
|
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.11.1-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Feb 10 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-2
|
||||||
|
- Fix explicit subid requirement for subid-devel
|
||||||
|
|
||||||
|
* Tue Jan 25 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-1
|
||||||
|
- Rebase to version 4.11.1 (#2034038)
|
||||||
|
- Fix release sources
|
||||||
|
- Add explicit subid requirement for subid-devel
|
||||||
|
|
||||||
|
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.9-10
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 17 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-9
|
||||||
|
- nss: get shadow_logfd with log_get_logfd() (#2038811)
|
||||||
|
- lib: make shadow_logfd and Prog not extern
|
||||||
|
- lib: rename Prog to shadow_progname
|
||||||
|
- lib: provide default values for shadow_progname
|
||||||
|
- libsubid: use log_set_progname in subid_init
|
||||||
|
|
||||||
|
* Fri Nov 19 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-8
|
||||||
|
- getsubids: provide system binary and man page (#1980780)
|
||||||
|
- pwck: fix segfault when calling fprintf() (#2021339)
|
||||||
|
- newgrp: fix segmentation fault (#2019553)
|
||||||
|
- groupdel: fix SIGSEGV when passwd does not exist (#1986111)
|
||||||
|
|
||||||
|
* Fri Nov 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-7
|
||||||
|
- useradd: change SELinux labels for home files (#2022658)
|
||||||
|
|
||||||
|
* Thu Nov 4 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-6
|
||||||
|
- useradd: revert fix memleak of grp (#2018697)
|
||||||
|
|
||||||
|
* Wed Oct 27 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-5
|
||||||
|
- useradd: generate home and mail directories with selinux user attribute
|
||||||
|
|
||||||
* Thu Sep 23 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-4
|
* Thu Sep 23 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-4
|
||||||
- login.defs: include HMAC_CRYPTO_ALGO key
|
- login.defs: include HMAC_CRYPTO_ALGO key
|
||||||
- Clean spec file: organize dependencies and move License location
|
- Clean spec file: organize dependencies and move License location
|
||||||
|
|
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
||||||
SHA512 (shadow-4.9.tar.xz) = 254cda49bb14505a7604821e7fa898bf4bf317d648e9ddc881ab80a6860d52053dfffacad6feab87c7d16608c35ed6b6cee99e7757eac930da3a7b31cdcd4b95
|
SHA512 (shadow-4.11.1.tar.xz) = 12fbe4d6ac929ad3c21525ed0f1026b5b678ccec9762f2ec7e611d9c180934def506325f2835fb750dd30af035b592f827ff151cd6e4c805aaaf8e01425c279f
|
||||||
SHA512 (shadow-4.9.tar.xz.asc) = 16c0ff7be263c9d471b05656c9a1d14da8ec9b17544910323ca6ab854126d1a03ece221e0caf610e65a9b1d080b4cd1b8b46973f20e3ae45ea0e5581ce6c90d9
|
SHA512 (shadow-4.11.1.tar.xz.asc) = 4594189678cc9bcc8831f62a5d42c605b085be4a3b540429d7c800f4304e2e8fe04358547917eb90c1513646fade7c714611bfdc98af7dec5321a3dc3e65c4fd
|
||||||
|
|
Loading…
Reference in New Issue