dist-git conversion

- use preferred GID for reserved static IDs

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: shadow-utils
-# $Id: Makefile,v 1.4 2007/10/15 19:22:59 notting Exp $
-NAME := shadow-utils
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

shadow-4.1.4.2-acl.patch

@@ -0,0 +1,121 @@
+diff -up shadow-4.1.4.2/libmisc/copydir.c.acl shadow-4.1.4.2/libmisc/copydir.c
+--- shadow-4.1.4.2/libmisc/copydir.c.acl	2010-04-29 15:55:26.949959971 +0200
++++ shadow-4.1.4.2/libmisc/copydir.c	2010-04-29 15:55:26.956960471 +0200
+@@ -45,6 +45,9 @@
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+ #endif
++#include <attr/error_context.h>
++#include <acl/libacl.h>
++
+ static /*@null@*/const char *src_orig;
+ static /*@null@*/const char *dst_orig;
+ 
+@@ -70,7 +73,7 @@ static int copy_symlink (const char *src
+ #endif
+ static int copy_hardlink (const char *src, const char *dst,
+                           struct link_name *lp);
+-static int copy_special (const char *dst,
++static int copy_special (const char *src, const char *dst,
+                          const struct stat *statp, const struct timeval mt[],
+                          long int uid, long int gid);
+ static int copy_file (const char *src, const char *dst,
+@@ -78,6 +81,24 @@ static int copy_file (const char *src, c
+                       long int uid, long int gid);
+ 
+ #ifdef WITH_SELINUX
++
++void error (struct error_context *ctx, const char *fmt, ...)
++{
++        va_list ap;
++ 
++        va_start (ap, fmt);
++        (void) fprintf (stderr, _("%s: "), Prog);
++        if (vfprintf (stderr, fmt, ap) != 0) {
++                (void) fputs (_(": "), stderr);
++        }
++        (void) fprintf (stderr, "%s\n", strerror (errno));
++        va_end (ap);
++}
++
++struct error_context ctx = {
++        error
++};
++
+ /*
+  * selinux_file_context - Set the security context before any file or
+  *                        directory creation.
+@@ -369,7 +390,7 @@ static int copy_entry (const char *src, 
+ 		 */
+ 
+ 		else if (!S_ISREG (sb.st_mode)) {
+-			err = copy_special (dst, &sb, mt, uid, gid);
++			err = copy_special (src, dst, &sb, mt, uid, gid);
+ 		}
+ 
+ 		/*
+@@ -413,6 +434,7 @@ static int copy_dir (const char *src, co
+ 	    || (chown (dst,
+ 	               (uid == - 1) ? statp->st_uid : (uid_t) uid,
+ 	               (gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
++	    || (perm_copy_file (src, dst, &ctx) != 0)
+ 	    || (chmod (dst, statp->st_mode) != 0)
+ 	    || (copy_tree (src, dst, uid, gid) != 0)
+ 	    || (utimes (dst, mt) != 0)) {
+@@ -514,6 +536,13 @@ static int copy_symlink (const char *src
+ 	    || (lchown (dst,
+ 	                (uid == -1) ? statp->st_uid : (uid_t) uid,
+ 	                (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
++                /* FIXME: there are no modes on symlinks, right?
++                *        ACL could be copied, but this would be much more
++                *        complex than calling perm_copy_file.
++                *        Ditto for Extended Attributes.
++                *        We currently only document that ACL and Extended
++                *        Attributes are not copied.
++                */
+ 		free (oldlink);
+ 		return -1;
+ 	}
+@@ -542,7 +571,7 @@ static int copy_symlink (const char *src
+ static int copy_hardlink (const char *src, const char *dst,
+                           struct link_name *lp)
+ {
+-	/* TODO: selinux needed? */
++	/* TODO: selinux, ACL, Extended Attributes needed? */
+ 
+ 	if (link (lp->ln_name, dst) != 0) {
+ 		return -1;
+@@ -574,7 +603,7 @@ static int copy_hardlink (const char *sr
+  *
+  *	Return 0 on success, -1 on error.
+  */
+-static int copy_special (const char *dst,
++static int copy_special (const char *src, const char *dst,
+                          const struct stat *statp, const struct timeval mt[],
+                          long int uid, long int gid)
+ {
+@@ -628,7 +657,7 @@ static int copy_file (const char *src, c
+ 	    || (fchown (ofd,
+ 	                (uid == -1) ? statp->st_uid : (uid_t) uid,
+ 	                (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
+-	    || (fchmod (ofd, statp->st_mode & 07777) != 0)) {
++	    || (perm_copy_fd (src, ifd, dst, ofd, &ctx) != 0) ) {
+ 		(void) close (ifd);
+ 		return -1;
+ 	}
+diff -up shadow-4.1.4.2/src/Makefile.in.acl shadow-4.1.4.2/src/Makefile.in
+--- shadow-4.1.4.2/src/Makefile.in.acl	2009-07-24 03:16:00.000000000 +0200
++++ shadow-4.1.4.2/src/Makefile.in	2010-04-29 16:08:34.347960372 +0200
+@@ -430,9 +430,9 @@ su_SOURCES = \
+ 
+ su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+ sulogin_LDADD = $(LDADD) $(LIBCRYPT)
+-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
++useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
++userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
++usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
+ vipw_LDADD = $(LDADD) $(LIBSELINUX)
+ all: all-am
+ 

shadow-4.1.4.2-fixes.patch

@@ -1,15 +1,3 @@
-diff -up shadow-4.1.4.2/lib/commonio.c.fixes shadow-4.1.4.2/lib/commonio.c
---- shadow-4.1.4.2/lib/commonio.c.fixes	2009-09-07 15:51:28.312139467 +0200
-+++ shadow-4.1.4.2/lib/commonio.c	2009-09-07 15:52:00.788140456 +0200
-@@ -710,7 +710,7 @@ commonio_sort (struct commonio_db *db, i
- 	db->tail->prev = entries[n - 1];
- 	db->tail->next = NULL;
- 
--	for (i = 1; i < n; i++) {
-+	for (i = 1; i < (n-1); i++) {
- 		entries[i]->prev = entries[i - 1];
- 		entries[i]->next = entries[i + 1];
- 	}
 diff -up shadow-4.1.4.2/libmisc/cleanup.c.fixes shadow-4.1.4.2/libmisc/cleanup.c
 --- shadow-4.1.4.2/libmisc/cleanup.c.fixes	2009-09-07 15:52:22.449035388 +0200
 +++ shadow-4.1.4.2/libmisc/cleanup.c	2009-09-07 15:55:06.632033653 +0200

shadow-4.1.4.2-infoParentDir.patch

@@ -0,0 +1,32 @@
+diff -up shadow-4.1.4.2/man/newusers.8.infoParentDir shadow-4.1.4.2/man/newusers.8
+--- shadow-4.1.4.2/man/newusers.8.infoParentDir	2010-04-28 13:44:04.634870854 +0200
++++ shadow-4.1.4.2/man/newusers.8	2010-04-28 13:46:07.190866220 +0200
+@@ -88,7 +88,7 @@ This field is copied in the GECOS field 
+ .RS 4
+ This field is used to define the home directory of the user\&.
+ .sp
+-If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.
++If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&.
+ .sp
+ If the home directory of an existing user is changed,
+ \fBnewusers\fR
+diff -up shadow-4.1.4.2/man/newusers.8.xml.infoParentDir shadow-4.1.4.2/man/newusers.8.xml
+--- shadow-4.1.4.2/man/newusers.8.xml.infoParentDir	2010-04-28 13:48:01.419238133 +0200
++++ shadow-4.1.4.2/man/newusers.8.xml	2010-04-28 13:55:40.499663030 +0200
+@@ -192,7 +192,15 @@
+ 	  <para>
+ 	    If this field does not specify an existing directory, the
+ 	    specified directory is created, with ownership set to the
+-	    user being created or updated and its primary group.
++	    user being created or updated and its primary group. Note 
++            that newusers does not create parent directories of the new 
++            user's home directory. The newusers command will fail to 
++            create the home directory if the parent directories do not 
++            exist, and will send a message to stderr informing the user 
++            of the failure. The newusers command will not halt or return 
++            a failure to the calling shell if it fails to create the home 
++            directory, it will continue to process the batch of new users 
++            specified.
+ 	  </para>
+ 	  <para>
+ 	    If the home directory of an existing user is changed,

shadow-4.1.4.2-semange.patch

@@ -0,0 +1,22 @@
+diff -up shadow-4.1.4.2/src/userdel.c.semanage shadow-4.1.4.2/src/userdel.c
+--- shadow-4.1.4.2/src/userdel.c.semanage	2010-04-28 14:47:25.581366330 +0200
++++ shadow-4.1.4.2/src/userdel.c	2010-04-28 14:48:08.736376028 +0200
+@@ -974,18 +974,6 @@ int main (int argc, char **argv)
+ 	}
+ #endif
+ 
+-#ifdef WITH_SELINUX
+-	if (is_selinux_enabled () > 0) {
+-		const char *args[5];
+-		args[0] = "/usr/sbin/semanage";
+-		args[1] = "login";
+-		args[2] = "-d";
+-		args[3] = user_name;
+-		args[4] = NULL;
+-		safe_system (args[0], args, NULL, 1);
+-	}
+-#endif
+-
+ 	/*
+ 	 * Cancel any crontabs or at jobs. Have to do this before we remove
+ 	 * the entry from /etc/passwd.

shadow-4.1.4.2-uflg.patch

@@ -0,0 +1,25 @@
+diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.uflg shadow-4.1.4.2/libmisc/find_new_gid.c
+--- shadow-4.1.4.2/libmisc/find_new_gid.c.uflg	2010-05-21 11:31:36.069929199 +0200
++++ shadow-4.1.4.2/libmisc/find_new_gid.c	2010-05-21 11:31:47.600963338 +0200
+@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
+ 		gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+ 	} else {
+-		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
++		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
+ 		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+ 	}
+@@ -79,7 +79,11 @@ int find_new_gid (bool sys_group,
+ 		*gid = *preferred_gid;
+ 		return 0;
+ 	}
+-
++	
++	/* if we did not find free preffered system gid, we start to look for 
++	 * one in the range assigned to dynamic system IDs */
++	if (sys_group)
++		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
+ 
+ 	/*
+ 	 * Search the entire group file,

shadow-4.1.4.2-underflow.patch

@@ -0,0 +1,43 @@
+diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
+--- shadow-4.1.4.2/src/faillog.c.overflow	2010-06-14 10:40:28.023030897 +0200
++++ shadow-4.1.4.2/src/faillog.c	2010-06-14 10:53:10.884034750 +0200
+@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
+ 		return;
+ 	}
+ 
+-	offset = pw->pw_uid * sizeof (fl);
+-	if (offset <= (statbuf.st_size - sizeof (fl))) {
++	offset = (off_t) pw->pw_uid * sizeof (fl);
++	if (offset + sizeof (fl) <= statbuf.st_size) {
+ 		/* fseeko errors are not really relevant for us. */
+ 		int err = fseeko (fail, offset, SEEK_SET);
+ 		assert (0 == err);
+@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid)
+ 	off_t offset;
+ 	struct faillog fl;
+ 
+-	offset = uid * sizeof (fl);
+-	if (offset <= (statbuf.st_size - sizeof (fl))) {
++	offset = (off_t) uid * sizeof (fl);
++	if (offset + sizeof (fl) <= statbuf.st_size) {
+ 		/* fseeko errors are not really relevant for us. */
+ 		int err = fseeko (fail, offset, SEEK_SET);
+ 		assert (0 == err);
+@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m
+ 	struct faillog fl;
+ 
+ 	offset = (off_t) uid * sizeof (fl);
+-	if (offset <= (statbuf.st_size - sizeof (fl))) {
++	if (offset + sizeof (fl) <= statbuf.st_size) {
+ 		/* fseeko errors are not really relevant for us. */
+ 		int err = fseeko (fail, offset, SEEK_SET);
+ 		assert (0 == err);
+@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid,
+ 	struct faillog fl;
+ 
+ 	offset = (off_t) uid * sizeof (fl);
+-	if (offset <= (statbuf.st_size - sizeof (fl))) {
++	if (offset + sizeof (fl) <= statbuf.st_size) {
+ 		/* fseeko errors are not really relevant for us. */
+ 		int err = fseeko (fail, offset, SEEK_SET);
+ 		assert (0 == err);

shadow-utils.spec

@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.1.4.2
-Release: 2%{?dist}
+Release: 8%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@@ -11,10 +11,16 @@ Patch0: shadow-4.1.4.2-redhat.patch
 Patch1: shadow-4.1.4.1-goodname.patch
 Patch2: shadow-4.1.4.2-leak.patch
 Patch3: shadow-4.1.4.2-fixes.patch
+Patch4: shadow-4.1.4.2-infoParentDir.patch
+Patch5: shadow-4.1.4.2-semange.patch
+Patch6: shadow-4.1.4.2-acl.patch
+Patch7: shadow-4.1.4.2-underflow.patch
+Patch8: shadow-4.1.4.2-uflg.patch
 License: BSD and GPLv2+
 Group: System Environment/Base
 BuildRequires: libselinux-devel >= 1.25.2-1
 BuildRequires: audit-libs-devel >= 1.6.5
+BuildRequires: libacl-devel libattr-devel
 #BuildRequires: autoconf, automake, libtool, gettext-devel
 Requires: libselinux >= 1.25.2-1
 Requires: audit-libs >= 1.6.5
@@ -39,6 +45,11 @@ are used for managing group accounts.
 %patch1 -p1 -b .goodname
 %patch2 -p1 -b .leak
 %patch3 -p1 -b .fixes
+%patch4 -p1 -b .infoParentDir
+%patch5 -p1 -b .semange
+%patch6 -p1 -b .acl
+%patch7 -p1 -b .underflow
+%patch8 -p1 -b .uflg
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -58,7 +69,8 @@ cp -f doc/HOWTO.utf8 doc/HOWTO
         --with-selinux \
         --without-libcrack \
         --without-libpam \
-        --disable-shared
+        --disable-shared \
+	--with-group-name-max-length=32
 make
 
 %install
@@ -122,14 +134,14 @@ rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
 rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
 rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
 
-%find_lang shadow
 find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
+%find_lang shadow
 for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
     dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
     lang=$(basename $dir)
-    echo "%%lang($lang) $dir" >> shadow.lang
-    echo "%%lang($lang) $dir/man*" >> shadow.lang
-#    echo "%%lang($lang) $dir/man*/*" >> shadow.lang
+#   echo "%%lang($lang) $dir" >> shadow.lang
+#   echo "%%lang($lang) $dir/man*" >> shadow.lang
+    echo "%%lang($lang) $dir/man*/*" >> shadow.lang
 done
 
 %clean
@@ -180,6 +192,29 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*
 
 %changelog
+* Tue Jul 20 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-8
+- fix pwck/grpck hang
+  Resolves: #586322
+
+* Mon Jun 14 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-7
+- fix integer underflow in faillog (#603683)
+- use preferred GID for reserved static IDs
+
+* Thu Apr 29 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-6
+- preserve ACL's on files in /etc/skel 
+  Resolves: #513055 
+
+* Wed Apr 28 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-5
+- newusers man page more informative
+- userdel should not need to run semanage
+  Resolves: #586330 #586408
+
+* Thu Apr 01 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-4
+- fix man directories ownership (#569418)
+
+* Fri Mar 26 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-3
+- max group name length set to 32 characters
+
 * Wed Nov 18 2009 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-2
 - apply patches{1,2,3}
 - enable SHA512 in /etc/login.defs