Accepting request 940244 from Linux-PAM

- Drop pam_umask-usergroups-login_defs.patch, does more harm than helps. If not explizit specified as module option, we use UMASK from login.defs unmodified. (forwarded request 940243 from kukuk) OBS-URL: https://build.opensuse.org/request/show/940244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=120
2021-12-17 22:54:22 +00:00 · 2021-12-17 22:54:22 +00:00 · e11a0c3af1
commit e11a0c3af1
parent 297cc4140e 945f25a7ae
3 changed files with 7 additions and 131 deletions
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
+
+- Drop pam_umask-usergroups-login_defs.patch, does more harm
+  than helps. If not explizit specified as module option, we
+  use UMASK from login.defs unmodified.
+
 -------------------------------------------------------------------
 Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

--- a/pam.spec
+++ b/pam.spec
@ -68,7 +68,6 @@ Patch1:         pam-limit-nproc.patch
 Patch2:         pam-hostnames-in-access_conf.patch
 Patch3:         pam-xauth_ownership.patch
 Patch4:         pam-bsc1177858-dont-free-environment-string.patch
-Patch5:         pam_umask-usergroups-login_defs.patch
 Patch10:        pam_xauth_data.3.xml.patch
 Patch11:        0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
 Patch12:        0002-Only-include-vendordir-in-manual-page-if-set-401.patch
@ -182,7 +181,6 @@ cp -a %{SOURCE12} .
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
--- a/pam_umask-usergroups-login_defs.patch
+++ b/pam_umask-usergroups-login_defs.patch
@ -1,129 +0,0 @@
-Description:
-Deprecate pam_umask explicit "usergroups" option and instead read it from /etc/login.def's
-"USERGROUP_ENAB" option if umask is only defined there.
-Original Author: Martin Pitt <martin.pitt@ubuntu.com>
-Bug-Debian: http://bugs.debian.org/583958
-
-Index: Linux-PAM-1.5.2/modules/pam_umask/README
-===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/README
-+++ Linux-PAM-1.5.2/modules/pam_umask/README
-@@ -15,7 +15,7 @@ following order:
- 
-   • umask= argument
- 
-  • UMASK entry from /etc/login.defs
-+  • UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB)
- 
-   • UMASK= entry from /etc/default/login
- 
-@@ -38,7 +38,10 @@ usergroups
- 
-     If the user is not root and the username is the same as primary group name,
-     the umask group bits are set to be the same as owner bits (examples: 022 ->
-    002, 077 -> 007).
-+    002, 077 -> 007). Note that using this option explicitly is discouraged.
-+    pam_umask enables this functionality by default if /etc/login.defs enables
-+    USERGROUPS_ENAB, and the umask is not set explicitly in other places than /
-+    etc/login.defs.
- 
- nousergroups
- 
-Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8
-===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8
-+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8
-@@ -68,7 +68,9 @@ umask= argument
- .sp -1
- .IP \(bu 2.3
- .\}
-UMASK entry from /etc/login\&.defs
-+UMASK entry from
-+/etc/login\&.defs
-+(influenced by USERGROUPS_ENAB)
- .RE
- .sp
- .RS 4
-@@ -79,7 +81,8 @@ UMASK entry from /etc/login\&.defs
- .sp -1
- .IP \(bu 2.3
- .\}
-UMASK= entry from /etc/default/login
-+UMASK= entry from
-+/etc/default/login
- .RE
- .PP
- The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&.
-@@ -98,7 +101,10 @@ Don\*(Aqt print informative messages\&.
- .PP
- \fBusergroups\fR
- .RS 4
-If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&.
-+If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if
-+/etc/login\&.defs
-+enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than
-+/etc/login\&.defs\&.
- .RE
- .PP
- \fBnousergroups\fR
-Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml
-===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8.xml
-+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml
-@@ -61,12 +61,13 @@
-         </listitem>
-         <listitem>
-           <para>
-            UMASK entry from /etc/login.defs
-+            UMASK entry from <filename>/etc/login.defs</filename>
-+	    (influenced by USERGROUPS_ENAB)
-           </para>
-         </listitem>
-         <listitem>
-           <para>
-            UMASK= entry from /etc/default/login
-+            UMASK= entry from <filename>/etc/default/login</filename>
-           </para>
-         </listitem>
-       </itemizedlist>
-@@ -118,6 +119,11 @@
-               If the user is not root and the username is the same as
-               primary group name, the umask group bits are set to be the
-               same as owner bits (examples: 022 -> 002, 077 -> 007).
-+	      Note that using this option explicitly is discouraged. pam_umask
-+	      enables this functionality by default if
-+	      <filename>/etc/login.defs</filename> enables
-+	      USERGROUPS_ENAB, and the umask is not set explicitly in other
-+	      places than <filename>/etc/login.defs</filename>.
-             </para>
-           </listitem>
-         </varlistentry>
-Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c
-===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.c
-+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c
-@@ -104,7 +104,23 @@ get_options (pam_handle_t *pamh, options
-     parse_option (pamh, *argv, options);
- 
-   if (options->umask == NULL) {
-    options->login_umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
-+    {
-+      options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
-+      /* login.defs' USERGROUPS_ENAB will modify the UMASK setting there by way
-+       * of usergroups; but we don't want it to influence umask definitions
-+       * from other places (like GECOS).
-+       */
-+      if (options->umask != NULL)
-+       {
-+	 char *result = pam_modutil_search_key (pamh, LOGIN_DEFS,
-+						"USERGROUPS_ENAB");
-+	 if (result != NULL)
-+	   {
-+	     options->usergroups = (strcasecmp (result, "yes") == 0);
-+	     free (result);
-+	   }
-+       }
-+    }
-     if (options->login_umask == NULL)
-       options->login_umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK");
-     options->umask = options->login_umask;