.

OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=166

make-sure-sbin-resp-usr-sbin-are-in-PATH.diff

@@ -0,0 +1,143 @@
+--- util-linux-2.23.1/login-utils/su-common.c
++++ util-linux-2.23.1/login-utils/su-common.c	2013-06-06 08:46:59.575872090 +0000
+@@ -473,6 +473,117 @@ set_path(const struct passwd* pw)
+     err (EXIT_FAILURE,  _("failed to set PATH"));
+ }
+ 
++/* Add or clear /sbin and /usr/sbin for the su command
++   used without `-'.  */
++
++/* Set if /sbin is found in path.  */
++#define SBIN_MASK      0x01
++/* Set if /usr/sbin is found in path.  */
++#define USBIN_MASK     0x02
++
++static char *
++addsbin (const char *const path)
++{
++  unsigned char smask = 0;
++  char *ptr, *tmp, *cur, *ret = NULL;
++  size_t len;
++
++  if (!path || *path == 0)
++    return NULL;
++
++  tmp = xstrdup (path);
++  cur = tmp;
++  for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
++    {
++      if (!strcmp (ptr, "/sbin"))
++	smask |= SBIN_MASK;
++      if (!strcmp (ptr, "/usr/sbin"))
++	smask |= USBIN_MASK;
++    }
++
++  if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
++    {
++      free (tmp);
++      return NULL;
++    }
++
++  len = strlen (path);
++  if (!(smask & USBIN_MASK))
++    len += strlen ("/usr/sbin:");
++
++  if (!(smask & SBIN_MASK))
++    len += strlen (":/sbin");
++
++  ret = xmalloc (len + 1);
++  strcpy (tmp, path);
++
++  *ret = 0;
++  cur = tmp;
++  for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
++    {
++      if (!strcmp (ptr, "."))
++	continue;
++      if (*ret)
++	strcat (ret, ":");
++      if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
++	{
++	  strcat (ret, "/usr/sbin:");
++	  strcat (ret, ptr);
++	  smask |= USBIN_MASK;
++	  continue;
++	}
++      if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
++	{
++	  strcat (ret, ptr);
++	  strcat (ret, ":/sbin");
++	  smask |= SBIN_MASK;
++	  continue;
++	}
++      strcat (ret, ptr);
++    }
++  free (tmp);
++
++  if (!(smask & USBIN_MASK))
++    strcat (ret, ":/usr/sbin");
++
++  if (!(smask & SBIN_MASK))
++    strcat (ret, ":/sbin");
++
++  return ret;
++}
++
++static char *
++clearsbin (const char *const path)
++{
++  char *ptr, *tmp, *cur, *ret = NULL;
++
++  if (!path || *path == 0)
++    return NULL;
++
++  tmp = strdup (path);
++  if (!tmp)
++    return NULL;
++
++  ret = xmalloc (strlen (path) + 1);
++  *ret = 0;
++  cur = tmp;
++  for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
++    {
++      if (!strcmp (ptr, "/sbin"))
++	continue;
++      if (!strcmp (ptr, "/usr/sbin"))
++	continue;
++      if (!strcmp (ptr, "/usr/local/sbin"))
++	continue;
++      if (*ret)
++	strcat (ret, ":");
++      strcat (ret, ptr);
++    }
++  free (tmp);
++
++  return ret;
++}
++
+ /* Update `environ' for the new shell based on PW, with SHELL being
+    the value for the SHELL environment variable.  */
+ 
+@@ -508,6 +619,22 @@ modify_environment (const struct passwd
+             xsetenv ("SHELL", shell, 1);
+ 	  if (getlogindefs_bool ("ALWAYS_SET_PATH", 0))
+ 	    set_path(pw);
++	  else
++	    {
++	      char const *path = getenv ("PATH");
++	      char *new = NULL;
++
++	      if (pw->pw_uid)
++		new = clearsbin (path);
++	      else
++		new = addsbin (path);
++
++	      if (new)
++		{
++		  xsetenv ("PATH", new, 1);
++		  free (new);
++		}
++	    }
+ 
+           if (pw->pw_uid)
+             {

su.default

@@ -0,0 +1,11 @@
+# Per default, only "su -" will set a new PATH.
+# If this variable is changed to "yes" (default is "no"),
+# every su call will overwrite the PATH variable.
+ALWAYS_SET_PATH=no
+
+# Default path. 
+PATH=/usr/local/bin:/bin:/usr/bin
+
+# Default path for a user invoking su to root.
+SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
+

su.pamd

@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth     sufficient     pam_rootok.so
+auth     include        common-auth
+account  sufficient     pam_rootok.so
+account  include        common-account
+password include        common-password
+session  include        common-session
+session  optional       pam_xauth.so

util-linux-rpmlintrc

@@ -4,4 +4,10 @@ addFilter("incoherent-init-script-name raw")
 addFilter("no-reload-entry /etc/init.d/raw")
 # There is no egrep(1) used -> False positive
 addFilter("deprecated-grep")
- 
+# Both pam configs for su and su-l are marked as noreplace 
+addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*")
+# Useless warning as the /usr/bin variants are known
+addFilter(".*W:.*permissions-symlink.*/bin/su.*")
+addFilter(".*W:.*permissions-symlink.*/bin/umount.*")
+addFilter(".*W:.*permissions-symlink.*/bin/mount.*")
+

util-linux.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jun  6 08:27:43 UTC 2013 - werner@suse.de
+
+- Add make-sure-sbin-resp-usr-sbin-are-in-PATH.diff, that is include
+  the old "let `su' handle /sbin and /usr/sbin in path"
+- Provide the new eject utility to avoid file conflict with old
+  eject package
+
 -------------------------------------------------------------------
 Wed Jun  5 12:30:45 UTC 2013 - werner@suse.de
 

util-linux.spec

@@ -70,8 +70,10 @@ Source6:        etc_filesystems
 Source7:        baselibs.conf
 Source8:        login.pamd
 Source9:        remote.pamd
+Source10:       su.pamd
+Source11:       su.default
 # TODO: split to separate package
-Source11:       klogconsole.tar.bz2
+Source40:       klogconsole.tar.bz2
 # XXX: Run a program in a new session and with controlling tty
 Source22:       setctsid.c
 Source23:       setctsid.8
@@ -91,6 +93,8 @@ Source51:       blkid.conf
 Patch1:         util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
 Patch2:         util-linux-2.23.1-eject-fpie.patch
 Patch3:         fdisk-tinfo.patch
+# PATCH-EXTEND-UPSTREAM: Let `su' handle /sbin and /usr/sbin in path
+Patch4:         make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
 
 # disable encryption
 Patch12:        util-linux-2.23.1-noenc-suse.diff
@@ -112,12 +116,14 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %insserv_prereq %fillup_prereq /bin/sed
 #
 Provides:       base = %{version}-%{release}
+Provides:       eject = %{version}-%{release}
 Provides:       login = 4.0-33.7
 Provides:       raw = %{version}-%{release}
 Provides:       rawio = %{version}-%{release}
 Provides:       util = %{version}-%{release}
 Provides:       uuid-runtime = %{version}-%{release}
 Obsoletes:      base < %{version}-%{release}
+Obsoletes:      eject < %{version}-%{release}
 Obsoletes:      login < 4.0-33.7
 Obsoletes:      raw < %{version}-%{release}
 Obsoletes:      rawio < %{version}-%{release}
@@ -199,10 +205,11 @@ Files to develop applications using the libmount library.
 
 %lang_package
 %prep
-%setup -q -n %{name}-%{version} -b 11
+%setup -q -n %{name}-%{version} -b 40
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 %patch12 -p1
 #
 %patch20 -p1
@@ -231,7 +238,7 @@ make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}"
 #
 # Version check for libutempter
 #
-uhead=$(find /usr/include -name utempter.h 2>/dev/null)
+uhead=$(find %_includedir -name utempter.h 2>/dev/null)
 if test -n "$uhead" && grep -q utempter_add_record "$uhead"
 then
     uhead=--with-utempter
@@ -293,13 +300,18 @@ make %{?_smp_mflags}
 %{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31}
 
 %install
-mkdir -p %{buildroot}{/etc/init.d,/etc/pam.d,%{_mandir}/man{1,8},/bin,/sbin,/usr/bin,/usr/sbin,%{_infodir}}
+mkdir -p %{buildroot}{%{_sysconfdir}/{init.d,pam.d,default},%{_mandir}/man{1,8},/bin,/sbin,%{_bindir},%{_sbindir},%{_infodir}}
 mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/
 mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/
 install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd
 install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
-install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login
-install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote
+install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/login
+install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/remote
+%if %{with enable_su}
+install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su
+install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l
+install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su
+%endif
 mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
 pushd ../klogconsole
 # klogconsole install
@@ -370,9 +382,9 @@ install -m 444 setctsid.8 %{buildroot}%{_mandir}/man8/
 echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb
 chmod 755 %{buildroot}%{_sbindir}/flushb
 # Install scripts to configure raw devices at boot time
-install -m 644 $RPM_SOURCE_DIR/etc.raw   %{buildroot}%{_sysconfdir}/raw
+install -m 644 $RPM_SOURCE_DIR%{_sysconfdir}.raw   %{buildroot}%{_sysconfdir}/raw
 install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw
-ln -sf ../../etc/init.d/raw %{buildroot}%{_sbindir}/rcraw
+ln -sf ../..%{_sysconfdir}/init.d/raw %{buildroot}%{_sbindir}/rcraw
 # Stupid hack so we don't have a tcsh dependency
 chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh
 # Following files we don't want to package, so remove them
@@ -445,12 +457,12 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd
 %if 0%{?suse_version} <= 1130
 %run_permissions
 %else
-%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount
+%set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount
 %if %{with sysvinit_tools}
-%set_permissions /usr/bin/su
+%set_permissions %{_bindir}/su
 %endif
 %if %{with enable_eject}
-%set_permissions /usr/bin/eject
+%set_permissions %{_bindir}/eject
 %endif
 %endif
 
@@ -464,12 +476,12 @@ fi
 %{insserv_cleanup}
 
 %verifyscript
-%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount
+%verify_permissions -e %{_bindir}/wall -e %{_bindir}/write -e %{_bindir}/mount -e %{_bindir}/umount
 %if %{with sysvinit_tools}
-%verify_permissions -e /usr/bin/su
+%verify_permissions -e %{_bindir}/su
 %endif
 %if %{with enable_eject}
-%verify_permissions -e /usr/bin/eject
+%verify_permissions -e %{_bindir}/eject
 %endif
 
 %post -n libblkid1 -p /sbin/ldconfig
@@ -481,8 +493,8 @@ fi
 %postun -n libmount1 -p /sbin/ldconfig
 
 %pre -n uuidd
-/usr/sbin/groupadd -r uuidd 2>/dev/null || :
-/usr/sbin/useradd -r -g uuidd -c "User for uuidd" \
+%{_sbindir}/groupadd -r uuidd 2>/dev/null || :
+%{_sbindir}/useradd -r -g uuidd -c "User for uuidd" \
   -d /var/run/uuidd uuidd 2>/dev/null || :
 
 %preun -n uuidd
@@ -493,7 +505,7 @@ fi
 %if 0%{?suse_version} <= 1130
 %run_permissions
 %else
-%set_permissions /usr/sbin/uuidd
+%set_permissions %{_sbindir}/uuidd
 %endif
 
 %postun -n uuidd
@@ -505,7 +517,7 @@ fi
 %postun -n libuuid1 -p /sbin/ldconfig
 
 %verifyscript -n uuidd
-%verify_permissions -e /usr/sbin/uuidd
+%verify_permissions -e %{_sbindir}/uuidd
 
 %files lang -f %{name}.lang
 
@@ -530,8 +542,13 @@ fi
 %config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw
 %config(noreplace) %{_sysconfdir}/filesystems
 %config(noreplace) %{_sysconfdir}/blkid.conf
-%config(noreplace) /etc/pam.d/login
-%config(noreplace) /etc/pam.d/remote
+%config(noreplace) %{_sysconfdir}/pam.d/login
+%config(noreplace) %{_sysconfdir}/pam.d/remote
+%if %{with enable_su}
+%config(noreplace) %{_sysconfdir}/pam.d/su
+%config(noreplace) %{_sysconfdir}/pam.d/su-l
+%config(noreplace) %{_sysconfdir}/default/su
+%endif
 #UsrMerge
 %if %{with enable_su}
 /bin/kill