- Update to 4.12.3:
Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users. - Update to 4.12.2: * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] - Refresh useradd-userkeleton.patch: LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 Let's use fstatat() now. OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=124
This commit is contained in:
@@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:e7102c7cc423bfb76532a8590c85db610e28555e2e29d00ae1330097569c1dc8
|
|
||||||
size 1745968
|
|
@@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmL6gNkACgkQNXDaFycK
|
|
||||||
ziQIkggAw7OANqSfYO/5ZrU4dkjjhqwZBvMQh3kKNQZ9fBst2+6eVvkWNyQTorMX
|
|
||||||
YUnvEgCFJA1wj2o4gltfaYWEVIkDgpwkexKEzPx02n70oe+sbAukXUcXo4v/8piP
|
|
||||||
D6Q1qLpW1z1vZFp4ZaIj4CP/aa4mTzMNeCWwRn+bCeDLR8jwhwmDN54hEZJ83psB
|
|
||||||
6RhJXxtUyb6fOI0EK8yRlctuPt39LVAXBO3Q265fmFxP/THEBCseNr6G/+dvR0eQ
|
|
||||||
ntLGJsBuAE647WN0CYynJl6Jq8ehGaNnmlQOU0reRnxvT+Mx0dkP9Vk2AoENGDL2
|
|
||||||
D6C+/9v3fpyuyIxWotBK4SenyqKVHA==
|
|
||||||
=AJ3H
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
shadow-4.12.3.tar.xz
Normal file
3
shadow-4.12.3.tar.xz
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:3d3ec447cfdd11ab5f0486ebc47d15718349d13fea41fc8584568bc118083ccd
|
||||||
|
size 1747620
|
11
shadow-4.12.3.tar.xz.asc
Normal file
11
shadow-4.12.3.tar.xz.asc
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmMDfQYACgkQNXDaFycK
|
||||||
|
ziQvPQf9HGXVezTAIW+tqa3T/Fpc1q8JPVXJO/GzNQPuyoqZCtHZihqgvc3gkdcB
|
||||||
|
ZXIYXy1pB5lX6SEpSJjIeugXiUDBS465Q+Is1C76HqGh8dH7ws8tn4/ypA0S8/pv
|
||||||
|
rkFT+sSjEqJLGCRpoRNoH2r++WkzUlags9aPabhZgJKHny31rSRAre0bsva7IGPs
|
||||||
|
6iq1r4apKl8YssybAus3jmstxKj6y9S2Cmv+iEN0jY/+Oagrbl45p+NuHf/E0TSp
|
||||||
|
sCnZCLtzUBb5LTeIfz15P+MfG+hDhFLPedWlLVTr7YZSWJVwf4gwttUWUOmSkkuF
|
||||||
|
PEy7hhvMAd7X5Rtz/GVtfas+UUfekA==
|
||||||
|
=WZd1
|
||||||
|
-----END PGP SIGNATURE-----
|
@@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||||
|
|
||||||
|
- Update to 4.12.3:
|
||||||
|
Revert removal of subid_init, which should have bumped soname.
|
||||||
|
So note that 4.12 through 4.12.2 were broken for subid users.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 19 06:32:28 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||||
|
|
||||||
|
- Update to 4.12.2:
|
||||||
|
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]
|
||||||
|
- Refresh useradd-userkeleton.patch:
|
||||||
|
LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545
|
||||||
|
Let's use fstatat() now.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 15 17:42:01 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
Mon Aug 15 17:42:01 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||||
|
|
||||||
|
@@ -22,7 +22,7 @@
|
|||||||
%define no_config 1
|
%define no_config 1
|
||||||
%endif
|
%endif
|
||||||
Name: shadow
|
Name: shadow
|
||||||
Version: 4.12.1
|
Version: 4.12.3
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Utilities to Manage User and Group Accounts
|
Summary: Utilities to Manage User and Group Accounts
|
||||||
License: BSD-3-Clause AND GPL-2.0-or-later
|
License: BSD-3-Clause AND GPL-2.0-or-later
|
||||||
|
@@ -27,7 +27,7 @@ Index: src/useradd.c
|
|||||||
static const char *def_create_mail_spool = "yes";
|
static const char *def_create_mail_spool = "yes";
|
||||||
static const char *def_log_init = "yes";
|
static const char *def_log_init = "yes";
|
||||||
|
|
||||||
@@ -185,6 +189,7 @@ static bool home_added = false;
|
@@ -188,6 +192,7 @@ static bool home_added = false;
|
||||||
#define DINACT "INACTIVE="
|
#define DINACT "INACTIVE="
|
||||||
#define DEXPIRE "EXPIRE="
|
#define DEXPIRE "EXPIRE="
|
||||||
#define DSKEL "SKEL="
|
#define DSKEL "SKEL="
|
||||||
@@ -35,7 +35,7 @@ Index: src/useradd.c
|
|||||||
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
|
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
|
||||||
#define DLOG_INIT "LOG_INIT="
|
#define DLOG_INIT "LOG_INIT="
|
||||||
|
|
||||||
@@ -458,6 +463,29 @@ static void get_defaults (void)
|
@@ -461,6 +466,29 @@ static void get_defaults (void)
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -45,7 +45,7 @@ Index: src/useradd.c
|
|||||||
+ if ('\0' == *cp) {
|
+ if ('\0' == *cp) {
|
||||||
+ cp = USRSKELDIR; /* XXX warning: const */
|
+ cp = USRSKELDIR; /* XXX warning: const */
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ if(prefix[0]) {
|
+ if(prefix[0]) {
|
||||||
+ size_t len;
|
+ size_t len;
|
||||||
+ int wlen;
|
+ int wlen;
|
||||||
@@ -65,7 +65,7 @@ Index: src/useradd.c
|
|||||||
* Create by default user mail spool or not ?
|
* Create by default user mail spool or not ?
|
||||||
*/
|
*/
|
||||||
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
|
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
|
||||||
@@ -499,6 +527,7 @@ static void show_defaults (void)
|
@@ -502,6 +530,7 @@ static void show_defaults (void)
|
||||||
printf ("EXPIRE=%s\n", def_expire);
|
printf ("EXPIRE=%s\n", def_expire);
|
||||||
printf ("SHELL=%s\n", def_shell);
|
printf ("SHELL=%s\n", def_shell);
|
||||||
printf ("SKEL=%s\n", def_template);
|
printf ("SKEL=%s\n", def_template);
|
||||||
@@ -73,7 +73,7 @@ Index: src/useradd.c
|
|||||||
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
|
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
|
||||||
printf ("LOG_INIT=%s\n", def_log_init);
|
printf ("LOG_INIT=%s\n", def_log_init);
|
||||||
}
|
}
|
||||||
@@ -527,6 +556,7 @@ static int set_defaults (void)
|
@@ -530,6 +559,7 @@ static int set_defaults (void)
|
||||||
bool out_expire = false;
|
bool out_expire = false;
|
||||||
bool out_shell = false;
|
bool out_shell = false;
|
||||||
bool out_skel = false;
|
bool out_skel = false;
|
||||||
@@ -81,7 +81,7 @@ Index: src/useradd.c
|
|||||||
bool out_create_mail_spool = false;
|
bool out_create_mail_spool = false;
|
||||||
bool out_log_init = false;
|
bool out_log_init = false;
|
||||||
size_t len;
|
size_t len;
|
||||||
@@ -640,6 +670,9 @@ static int set_defaults (void)
|
@@ -643,6 +673,9 @@ static int set_defaults (void)
|
||||||
} else if (!out_skel && MATCH (buf, DSKEL)) {
|
} else if (!out_skel && MATCH (buf, DSKEL)) {
|
||||||
fprintf (ofp, DSKEL "%s\n", def_template);
|
fprintf (ofp, DSKEL "%s\n", def_template);
|
||||||
out_skel = true;
|
out_skel = true;
|
||||||
@@ -91,7 +91,7 @@ Index: src/useradd.c
|
|||||||
} else if (!out_create_mail_spool
|
} else if (!out_create_mail_spool
|
||||||
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
|
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
|
||||||
fprintf (ofp,
|
fprintf (ofp,
|
||||||
@@ -675,6 +708,8 @@ static int set_defaults (void)
|
@@ -678,6 +711,8 @@ static int set_defaults (void)
|
||||||
fprintf (ofp, DSHELL "%s\n", def_shell);
|
fprintf (ofp, DSHELL "%s\n", def_shell);
|
||||||
if (!out_skel)
|
if (!out_skel)
|
||||||
fprintf (ofp, DSKEL "%s\n", def_template);
|
fprintf (ofp, DSKEL "%s\n", def_template);
|
||||||
@@ -100,7 +100,7 @@ Index: src/useradd.c
|
|||||||
|
|
||||||
if (!out_create_mail_spool)
|
if (!out_create_mail_spool)
|
||||||
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
|
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
|
||||||
@@ -2739,6 +2774,8 @@ int main (int argc, char **argv)
|
@@ -2756,6 +2791,8 @@ int main (int argc, char **argv)
|
||||||
if (home_added) {
|
if (home_added) {
|
||||||
copy_tree (def_template, prefix_user_home, false, true,
|
copy_tree (def_template, prefix_user_home, false, true,
|
||||||
(uid_t)-1, user_id, (gid_t)-1, user_gid);
|
(uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||||
@@ -113,22 +113,22 @@ Index: libmisc/copydir.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- libmisc/copydir.c.orig
|
--- libmisc/copydir.c.orig
|
||||||
+++ libmisc/copydir.c
|
+++ libmisc/copydir.c
|
||||||
@@ -395,6 +395,14 @@ static int copy_entry (const char *src,
|
@@ -453,6 +453,14 @@ static int copy_entry (const struct path
|
||||||
old_uid, new_uid, old_gid, new_gid);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
+ /*
|
/*
|
||||||
+ * If the destination already exists do nothing.
|
+ * If the destination already exists do nothing.
|
||||||
+ * This is after the copy_dir above to still iterate into subdirectories.
|
+ * This is after the copy_dir above to still iterate into subdirectories.
|
||||||
+ */
|
+ */
|
||||||
+ if (LSTAT (dst, &sb) != -1) {
|
+ if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) == -1) {
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
#ifdef S_IFLNK
|
+ /*
|
||||||
/*
|
|
||||||
* Copy any symbolic links
|
* Copy any symbolic links
|
||||||
@@ -456,6 +464,7 @@ static int copy_dir (const char *src, co
|
*/
|
||||||
|
|
||||||
|
@@ -511,6 +519,7 @@ static int copy_dir (const struct path_i
|
||||||
gid_t old_gid, gid_t new_gid)
|
gid_t old_gid, gid_t new_gid)
|
||||||
{
|
{
|
||||||
int err = 0;
|
int err = 0;
|
||||||
@@ -136,20 +136,20 @@ Index: libmisc/copydir.c
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Create a new target directory, make it owned by
|
* Create a new target directory, make it owned by
|
||||||
@@ -467,6 +476,16 @@ static int copy_dir (const char *src, co
|
@@ -522,6 +531,16 @@ static int copy_dir (const struct path_i
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif /* WITH_SELINUX */
|
#endif /* WITH_SELINUX */
|
||||||
+
|
+
|
||||||
+ /*
|
+ /*
|
||||||
+ * If the destination is already a directory, don't change it
|
+ * If the destination is already a directory, don't change it
|
||||||
+ * but copy into it (recursively).
|
+ * but copy into it (recursively).
|
||||||
+ */
|
+ */
|
||||||
+ if (LSTAT (dst, &dst_sb) == 0 && S_ISDIR(dst_sb.st_mode)) {
|
+ if (fstatat(dst->dirfd, dst->name, &dst_sb, AT_SYMLINK_NOFOLLOW) == 0 && S_ISDIR(dst_sb.st_mode)) {
|
||||||
+ return (copy_tree (src, dst, false, reset_selinux,
|
+ return (copy_tree (src, dst, false, reset_selinux,
|
||||||
+ old_uid, new_uid, old_gid, new_gid) != 0);
|
+ old_uid, new_uid, old_gid, new_gid) != 0);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
if ( (mkdir (dst, statp->st_mode) != 0)
|
if ( (mkdirat (dst->dirfd, dst->name, statp->st_mode) != 0)
|
||||||
|| (chown_if_needed (dst, statp,
|
|| (chownat_if_needed (dst, statp,
|
||||||
old_uid, new_uid, old_gid, new_gid) != 0)
|
old_uid, new_uid, old_gid, new_gid) != 0)
|
||||||
|
Reference in New Issue
Block a user