Accepting request 177962 from Base:System
- util-linux.spec: work around su(1) PAM problems based on su(1) being provided by both the coreutils and the util-linux package. Fix macro typo in %post and %verifyscript sections related to su(1): s/sysvinit_tools/enable_su/ (forwarded request 177950 from bernhard-voelker) OBS-URL: https://build.opensuse.org/request/show/177962 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/util-linux?expand=0&rev=160
This commit is contained in:
parent
492e97410d
commit
a59bc81b6f
@ -1,41 +0,0 @@
|
||||
From a6f605ed6dcfdf2ea7f6b0bf68e18d8c9ce5ea96 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
|
||||
Date: Tue, 5 Feb 2013 02:06:04 -0300
|
||||
Subject: [PATCH] Test for secure_getenv too.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In current glibc versions, internal __secure_getenv
|
||||
no longer exists and was replaced by secure_getenv()
|
||||
|
||||
Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
|
||||
---
|
||||
configure.ac | 1 +
|
||||
lib/env.c | 5 +++--
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
--- util-linux-2.21.2.orig/configure.ac
|
||||
+++ util-linux-2.21.2/configure.ac
|
||||
@@ -281,6 +281,7 @@ AC_CHECK_FUNCS(
|
||||
posix_fadvise \
|
||||
getmntinfo \
|
||||
__secure_getenv \
|
||||
+ secure_getenv \
|
||||
warn \
|
||||
warnx \
|
||||
rpmatch])
|
||||
--- util-linux-2.21.2.orig/lib/env.c
|
||||
+++ util-linux-2.21.2/lib/env.c
|
||||
@@ -98,8 +98,9 @@ char *safe_getenv(const char *arg)
|
||||
return NULL;
|
||||
#endif
|
||||
#endif
|
||||
-
|
||||
-#ifdef HAVE___SECURE_GETENV
|
||||
+#ifdef HAVE_SECURE_GETENV
|
||||
+return secure_getenv(arg);
|
||||
+#elif HAVE___SECURE_GETENV
|
||||
return __secure_getenv(arg);
|
||||
#else
|
||||
return getenv(arg);
|
@ -1,107 +0,0 @@
|
||||
From f47373c950e812208f5db14cf728a54c31f750bf Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
|
||||
Date: Wed, 26 Dec 2012 14:30:48 -0300
|
||||
Subject: [PATCH 1/2] include/bitops.h: Use the operating system byteswapping
|
||||
functions
|
||||
|
||||
There is no need to reinvent the wheel.
|
||||
---
|
||||
include/bitops.h | 69 +++++++++++++++-----------------------------------------
|
||||
1 file changed, 18 insertions(+), 51 deletions(-)
|
||||
|
||||
diff --git a/include/bitops.h b/include/bitops.h
|
||||
index 81375d0..89b418c 100644
|
||||
--- a/include/bitops.h
|
||||
+++ b/include/bitops.h
|
||||
@@ -8,6 +8,9 @@
|
||||
*/
|
||||
#include <sys/param.h>
|
||||
|
||||
+#include <byteswap.h>
|
||||
+#include <endian.h>
|
||||
+
|
||||
#ifndef NBBY
|
||||
# define NBBY CHAR_BIT
|
||||
#endif
|
||||
@@ -22,63 +25,27 @@
|
||||
/*
|
||||
* Byte swab macros (based on linux/byteorder/swab.h)
|
||||
*/
|
||||
-#define swab16(x) \
|
||||
- ((uint16_t)( \
|
||||
- (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
|
||||
- (((uint16_t)(x) & (uint16_t)0xff00U) >> 8) ))
|
||||
-
|
||||
-#define swab32(x) \
|
||||
- ((uint32_t)( \
|
||||
- (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
|
||||
- (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \
|
||||
- (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \
|
||||
- (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24) ))
|
||||
-
|
||||
-#define swab64(x) \
|
||||
- ((uint64_t)( \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
|
||||
- (uint64_t)(((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56) ))
|
||||
-
|
||||
-
|
||||
-#ifdef WORDS_BIGENDIAN
|
||||
+#define swab16(x) bswap_16(x)
|
||||
|
||||
-#define cpu_to_le16(x) swab16(x)
|
||||
-#define cpu_to_le32(x) swab32(x)
|
||||
-#define cpu_to_le64(x) swab64(x)
|
||||
-#define cpu_to_be16(x) ((uint16_t)(x))
|
||||
-#define cpu_to_be32(x) ((uint32_t)(x))
|
||||
-#define cpu_to_be64(x) ((uint64_t)(x))
|
||||
+#define swab32(x) bswap_32(x)
|
||||
|
||||
-#define le16_to_cpu(x) swab16(x)
|
||||
-#define le32_to_cpu(x) swab32(x)
|
||||
-#define le64_to_cpu(x) swab64(x)
|
||||
-#define be16_to_cpu(x) ((uint16_t)(x))
|
||||
-#define be32_to_cpu(x) ((uint32_t)(x))
|
||||
-#define be64_to_cpu(x) ((uint64_t)(x))
|
||||
+#define swab64(x) bswap_64(x)
|
||||
|
||||
-#else /* !WORDS_BIGENDIAN */
|
||||
+#define cpu_to_le16(x) htole16(x)
|
||||
+#define cpu_to_le32(x) htole32(x)
|
||||
+#define cpu_to_le64(x) htole64(x)
|
||||
|
||||
-#define cpu_to_le16(x) ((uint16_t)(x))
|
||||
-#define cpu_to_le32(x) ((uint32_t)(x))
|
||||
-#define cpu_to_le64(x) ((uint64_t)(x))
|
||||
-#define cpu_to_be16(x) swab16(x)
|
||||
-#define cpu_to_be32(x) swab32(x)
|
||||
-#define cpu_to_be64(x) swab64(x)
|
||||
+#define cpu_to_be16(x) htobe16(x)
|
||||
+#define cpu_to_be32(x) htobe32(x)
|
||||
+#define cpu_to_be64(x) htobe64(x)
|
||||
|
||||
-#define le16_to_cpu(x) ((uint16_t)(x))
|
||||
-#define le32_to_cpu(x) ((uint32_t)(x))
|
||||
-#define le64_to_cpu(x) ((uint64_t)(x))
|
||||
-#define be16_to_cpu(x) swab16(x)
|
||||
-#define be32_to_cpu(x) swab32(x)
|
||||
-#define be64_to_cpu(x) swab64(x)
|
||||
+#define le16_to_cpu(x) le16toh(x)
|
||||
+#define le32_to_cpu(x) le32toh(x)
|
||||
+#define le64_to_cpu(x) le64toh(x)
|
||||
|
||||
-#endif /* WORDS_BIGENDIAN */
|
||||
+#define be16_to_cpu(x) be16toh(x)
|
||||
+#define be32_to_cpu(x) be32toh(x)
|
||||
+#define be64_to_cpu(x) be64toh(x)
|
||||
|
||||
#endif /* BITOPS_H */
|
||||
|
||||
--
|
||||
1.8.0.2
|
||||
|
@ -1,78 +0,0 @@
|
||||
From 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Mon, 26 Nov 2012 16:24:28 +0100
|
||||
Subject: [PATCH] lib/canonicalize: add canonicalize_path_restricted() to
|
||||
canonicalize without suid permisssions
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
include/canonicalize.h | 1 +
|
||||
lib/canonicalize.c | 42 ++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 43 insertions(+)
|
||||
|
||||
Index: util-linux-2.21.2/include/canonicalize.h
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/include/canonicalize.h
|
||||
+++ util-linux-2.21.2/include/canonicalize.h
|
||||
@@ -4,6 +4,7 @@
|
||||
#include "c.h" /* for PATH_MAX */
|
||||
|
||||
extern char *canonicalize_path(const char *path);
|
||||
+extern char *canonicalize_path_restricted(const char *path);
|
||||
extern char *canonicalize_dm_name(const char *ptname);
|
||||
|
||||
#endif /* CANONICALIZE_H */
|
||||
Index: util-linux-2.21.2/lib/canonicalize.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/lib/canonicalize.c
|
||||
+++ util-linux-2.21.2/lib/canonicalize.c
|
||||
@@ -188,6 +188,48 @@ canonicalize_path(const char *path)
|
||||
return strdup(canonical);
|
||||
}
|
||||
|
||||
+char *
|
||||
+canonicalize_path_restricted(const char *path)
|
||||
+{
|
||||
+ char canonical[PATH_MAX+2];
|
||||
+ char *p = NULL;
|
||||
+ int errsv;
|
||||
+ uid_t euid;
|
||||
+ gid_t egid;
|
||||
+
|
||||
+ if (path == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ euid = geteuid();
|
||||
+ egid = getegid();
|
||||
+
|
||||
+ /* drop permissions */
|
||||
+ if (setegid(getgid()) < 0 || seteuid(getuid()) < 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ errsv = errno = 0;
|
||||
+
|
||||
+ if (myrealpath(path, canonical, PATH_MAX+1)) {
|
||||
+ p = strrchr(canonical, '/');
|
||||
+ if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4)))
|
||||
+ p = canonicalize_dm_name(p+1);
|
||||
+ else
|
||||
+ p = NULL;
|
||||
+ if (!p)
|
||||
+ p = strdup(canonical);
|
||||
+ } else
|
||||
+ errsv = errno;
|
||||
+
|
||||
+ /* restore */
|
||||
+ if (setegid(egid) < 0 || seteuid(euid) < 0) {
|
||||
+ free(p);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ errno = errsv;
|
||||
+ return p;
|
||||
+}
|
||||
+
|
||||
|
||||
#ifdef TEST_PROGRAM_CANONICALIZE
|
||||
int main(int argc, char **argv)
|
@ -1,18 +1,12 @@
|
||||
Index: util-linux-2.21-rc2/fdisk/Makefile.am
|
||||
===================================================================
|
||||
--- util-linux-2.21-rc2.orig/fdisk/Makefile.am
|
||||
+++ util-linux-2.21-rc2/fdisk/Makefile.am
|
||||
@@ -64,9 +64,13 @@ sbin_PROGRAMS += cfdisk
|
||||
dist_man_MANS += cfdisk.8
|
||||
cfdisk_SOURCES = cfdisk.c $(fdisk_common)
|
||||
cfdisk_CFLAGS = $(cflags_blkid)
|
||||
--- util-linux-2.23.1/fdisks/Makemodule.am
|
||||
+++ util-linux-2.23.1/fdisks/Makemodule.am 2013-06-05 09:58:30.753439465 +0000
|
||||
@@ -79,6 +79,9 @@ endif
|
||||
if HAVE_SLANG
|
||||
cfdisk_LDADD += -lslang
|
||||
else
|
||||
+if HAVE_TINFO
|
||||
+cfdisk_LDADD = -ltinfo @NCURSES_LIBS@ $(ldadd_blkid)
|
||||
+else
|
||||
cfdisk_LDADD = @NCURSES_LIBS@ $(ldadd_blkid)
|
||||
endif
|
||||
endif
|
||||
+cfdisk_LDADD += -ltinfo
|
||||
+endif
|
||||
|
||||
endif # !ARCH_SPARC
|
||||
endif # !ARCH_M68K
|
||||
if HAVE_NCURSES
|
||||
cfdisk_LDADD += @NCURSES_LIBS@
|
||||
endif
|
||||
|
@ -1,14 +0,0 @@
|
||||
Index: util-linux-2.21.2/fdisk/fdiskbsdlabel.h
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/fdisk/fdiskbsdlabel.h
|
||||
+++ util-linux-2.21.2/fdisk/fdiskbsdlabel.h
|
||||
@@ -48,7 +48,8 @@
|
||||
|
||||
#if defined (__i386__) || defined (__sparc__) || defined (__arm__) || \
|
||||
defined (__mips__) || defined (__s390__) || defined (__sh__) || \
|
||||
- defined(__x86_64__) || defined (__avr32__) || defined(__cris__)
|
||||
+ defined(__x86_64__) || defined (__avr32__) || defined(__cris__) || \
|
||||
+ defined(__aarch64__)
|
||||
#define BSD_LABELSECTOR 1
|
||||
#define BSD_LABELOFFSET 0
|
||||
#elif defined (__alpha__) || defined (__powerpc__) || defined (__ia64__) || defined (__hppa__)
|
@ -1,59 +0,0 @@
|
||||
From 82756a747e4bcfc13a27b7618d889af080649584 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Mon, 28 May 2012 12:26:36 +0200
|
||||
Subject: [PATCH] libmount: add MNT_ERR_LOOPDEV
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
lib/loopdev.c | 4 ++++
|
||||
libmount/src/context_loopdev.c | 1 +
|
||||
libmount/src/libmount.h.in | 1 +
|
||||
3 files changed, 6 insertions(+), 0 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/lib/loopdev.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/lib/loopdev.c
|
||||
+++ util-linux-2.21.2/lib/loopdev.c
|
||||
@@ -173,6 +173,8 @@ int loopcxt_init(struct loopdev_cxt *lc,
|
||||
*/
|
||||
void loopcxt_deinit(struct loopdev_cxt *lc)
|
||||
{
|
||||
+ int errsv = errno;
|
||||
+
|
||||
if (!lc)
|
||||
return;
|
||||
|
||||
@@ -183,6 +185,8 @@ void loopcxt_deinit(struct loopdev_cxt *
|
||||
|
||||
loopcxt_set_device(lc, NULL);
|
||||
loopcxt_deinit_iterator(lc);
|
||||
+
|
||||
+ errno = errsv;
|
||||
}
|
||||
|
||||
/*
|
||||
Index: util-linux-2.21.2/libmount/src/context_loopdev.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
|
||||
+++ util-linux-2.21.2/libmount/src/context_loopdev.c
|
||||
@@ -261,6 +261,7 @@ int mnt_context_setup_loopdev(struct lib
|
||||
|
||||
if (loopdev || rc != -EBUSY) {
|
||||
DBG(CXT, mnt_debug_h(cxt, "failed to setup device"));
|
||||
+ rc = -MNT_ERR_LOOPDEV;
|
||||
goto done;
|
||||
}
|
||||
DBG(CXT, mnt_debug_h(cxt, "loopdev stolen...trying again"));
|
||||
Index: util-linux-2.21.2/libmount/src/libmount.h.in
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/libmount.h.in
|
||||
+++ util-linux-2.21.2/libmount/src/libmount.h.in
|
||||
@@ -126,6 +126,7 @@ enum {
|
||||
#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */
|
||||
#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */
|
||||
#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */
|
||||
+#define MNT_ERR_LOOPDEV 5003 /* loopdev setup failed, errno set by libc */
|
||||
|
||||
/* init.c */
|
||||
extern void mnt_init_debug(int mask);
|
@ -1,68 +0,0 @@
|
||||
From 47dea49b4cb4a4a98a6c518cc17f6d2c92be9528 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Tue, 24 Apr 2012 11:57:32 +0200
|
||||
Subject: [PATCH] libmount: add special MNT_ERR_ codes
|
||||
|
||||
... to detect some situations where standard -errno is too generic.
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
libmount/src/context.c | 20 ++++++++++----------
|
||||
libmount/src/libmount.h.in | 12 ++++++++++++
|
||||
2 files changed, 22 insertions(+), 10 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/libmount/src/context.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/context.c
|
||||
+++ util-linux-2.21.2/libmount/src/context.c
|
||||
@@ -1186,7 +1186,7 @@ int mnt_context_prepare_srcpath(struct l
|
||||
if (cache)
|
||||
path = mnt_resolve_tag(t, v, cache);
|
||||
|
||||
- rc = path ? mnt_fs_set_source(cxt->fs, path) : -EINVAL;
|
||||
+ rc = path ? mnt_fs_set_source(cxt->fs, path) : -MNT_ERR_NOSOURCE;
|
||||
|
||||
} else if (cache && !mnt_fs_is_pseudofs(cxt->fs)) {
|
||||
/*
|
||||
@@ -1247,7 +1247,7 @@ int mnt_context_prepare_target(struct li
|
||||
cache = mnt_context_get_cache(cxt);
|
||||
if (cache) {
|
||||
char *path = mnt_resolve_path(tgt, cache);
|
||||
- if (strcmp(path, tgt))
|
||||
+ if (path && strcmp(path, tgt) != 0)
|
||||
rc = mnt_fs_set_target(cxt->fs, path);
|
||||
}
|
||||
|
||||
@@ -1543,7 +1543,7 @@ static int apply_table(struct libmnt_con
|
||||
}
|
||||
|
||||
if (!fs)
|
||||
- return -EINVAL;
|
||||
+ return -MNT_ERR_NOFSTAB; /* not found */
|
||||
|
||||
DBG(CXT, mnt_debug_h(cxt, "apply entry:"));
|
||||
DBG(CXT, mnt_fs_print_debug(fs, stderr));
|
||||
Index: util-linux-2.21.2/libmount/src/libmount.h.in
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/libmount.h.in
|
||||
+++ util-linux-2.21.2/libmount/src/libmount.h.in
|
||||
@@ -115,6 +115,18 @@ enum {
|
||||
MNT_ACT_UMOUNT
|
||||
};
|
||||
|
||||
+/*
|
||||
+ * Errors -- by default libmount returns -errno for generic errors (ENOMEM,
|
||||
+ * EINVAL, ...) and for mount(2) errors, but for some specific operations it
|
||||
+ * returns private error codes. Note that maximum system errno value should be
|
||||
+ * 4095 on UNIXes.
|
||||
+ *
|
||||
+ * See also mnt_context_get_syscall_errno() and mnt_context_get_helper_status().
|
||||
+ */
|
||||
+#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */
|
||||
+#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */
|
||||
+#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */
|
||||
+
|
||||
/* init.c */
|
||||
extern void mnt_init_debug(int mask);
|
||||
|
@ -1,115 +0,0 @@
|
||||
From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Thu, 14 Jun 2012 14:19:26 +0200
|
||||
Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo
|
||||
|
||||
mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux
|
||||
|
||||
is incorrectly translated to
|
||||
|
||||
mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ...
|
||||
|
||||
The command mount(8) should be sensitive to "user" (without "=<name>")
|
||||
only. The correct cifs command line is:
|
||||
|
||||
mount.cifs -o user=root,password=linux
|
||||
|
||||
Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
libmount/src/context_mount.c | 29 +++++++++++++++++++++++++++--
|
||||
libmount/src/optstr.c | 9 +++++----
|
||||
2 files changed, 32 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/libmount/src/context_mount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/context_mount.c
|
||||
+++ util-linux-2.21.2/libmount/src/context_mount.c
|
||||
@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont
|
||||
if (cxt->mountflags & MS_PROPAGATION)
|
||||
cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT);
|
||||
|
||||
+ /*
|
||||
+ * The "user" options is our business (so we can modify the option),
|
||||
+ * but exception is command line for /sbin/mount.<type> helpers. Let's
|
||||
+ * save the original user=<name> to call the helpers with unchanged
|
||||
+ * "user" setting.
|
||||
+ *
|
||||
+ * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe
|
||||
+ * removed by evaluate_permissions().
|
||||
+ */
|
||||
if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) {
|
||||
if (val) {
|
||||
cxt->orig_user = strndup(val, valsz);
|
||||
@@ -196,6 +205,10 @@ err:
|
||||
|
||||
/*
|
||||
* this has to be called before fix_optstr()
|
||||
+ *
|
||||
+ * Note that user=<name> maybe be used by some filesystems as filesystem
|
||||
+ * specific option (e.g. cifs). Yes, developers of such filesystems have
|
||||
+ * allocated pretty hot place in hell...
|
||||
*/
|
||||
static int evaluate_permissions(struct libmnt_context *cxt)
|
||||
{
|
||||
@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l
|
||||
}
|
||||
|
||||
/*
|
||||
- * Note that MS_OWNERSECURE and MS_SECURE mount options
|
||||
- * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags()
|
||||
+ * MS_OWNERSECURE and MS_SECURE mount options are already
|
||||
+ * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags()
|
||||
+ * if "user" (but no user=<name> !) options is set.
|
||||
+ *
|
||||
+ * Let's ignore all user=<name> (if <name> is set) requests.
|
||||
*/
|
||||
+ if (cxt->user_mountflags & MNT_MS_USER) {
|
||||
+ size_t valsz = 0;
|
||||
|
||||
+ if (!mnt_optstr_get_option(cxt->fs->user_optstr,
|
||||
+ "user", NULL, &valsz) && valsz) {
|
||||
+
|
||||
+ DBG(CXT, mnt_debug_h(cxt, "perms: user=<name> detected, ignore"));
|
||||
+ cxt->user_mountflags &= ~MNT_MS_USER;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
/*
|
||||
* MS_OWNER: Allow owners to mount when fstab contains the
|
||||
Index: util-linux-2.21.2/libmount/src/optstr.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/optstr.c
|
||||
+++ util-linux-2.21.2/libmount/src/optstr.c
|
||||
@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt
|
||||
{
|
||||
struct libmnt_optmap const *maps[2];
|
||||
char *name, *str = (char *) optstr;
|
||||
- size_t namesz = 0;
|
||||
+ size_t namesz = 0, valsz = 0;
|
||||
int nmaps = 0;
|
||||
|
||||
assert(optstr);
|
||||
@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt
|
||||
*/
|
||||
maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
|
||||
|
||||
- while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) {
|
||||
+ while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) {
|
||||
const struct libmnt_optmap *ent;
|
||||
const struct libmnt_optmap *m;
|
||||
|
||||
@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt
|
||||
else
|
||||
*flags |= ent->id;
|
||||
|
||||
- } else if (nmaps == 2 && m == maps[1]) {
|
||||
+ } else if (nmaps == 2 && m == maps[1] && valsz == 0) {
|
||||
/*
|
||||
- * Special case -- translate "user" to MS_ options
|
||||
+ * Special case -- translate "user" (but no user=) to
|
||||
+ * MS_ options
|
||||
*/
|
||||
if (ent->mask & MNT_INVERT)
|
||||
continue;
|
@ -1,39 +0,0 @@
|
||||
From 2e7035646eb85851171cc2e989bfa858a4f00cd4 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Thu, 12 Jul 2012 16:33:52 +0200
|
||||
Subject: login: close tty before vhangup()
|
||||
Git-commit: 2e7035646eb85851171cc2e989bfa858a4f00cd4
|
||||
Patch-mainline: v2.22-rc1
|
||||
References: bnc#778842
|
||||
|
||||
Let's close all tty file descriptors before vhangup() call.
|
||||
|
||||
References: https://lkml.org/lkml/2012/6/5/145
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
|
||||
---
|
||||
login-utils/login.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/login-utils/login.c b/login-utils/login.c
|
||||
index fe13d8d..c0cc00a 100644
|
||||
--- a/login-utils/login.c
|
||||
+++ b/login-utils/login.c
|
||||
@@ -409,6 +409,14 @@ static void init_tty(struct login_context *cxt)
|
||||
/* Kill processes left on this tty */
|
||||
tcsetattr(0, TCSAFLUSH, &ttt);
|
||||
|
||||
+ /*
|
||||
+ * Let's close file decriptors before vhangup
|
||||
+ * https://lkml.org/lkml/2012/6/5/145
|
||||
+ */
|
||||
+ close(STDIN_FILENO);
|
||||
+ close(STDOUT_FILENO);
|
||||
+ close(STDERR_FILENO);
|
||||
+
|
||||
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
|
||||
vhangup();
|
||||
signal(SIGHUP, SIG_DFL);
|
||||
--
|
||||
1.7.12
|
||||
|
143
make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
Normal file
143
make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
Normal file
@ -0,0 +1,143 @@
|
||||
--- util-linux-2.23.1/login-utils/su-common.c
|
||||
+++ util-linux-2.23.1/login-utils/su-common.c 2013-06-06 08:46:59.575872090 +0000
|
||||
@@ -473,6 +473,117 @@ set_path(const struct passwd* pw)
|
||||
err (EXIT_FAILURE, _("failed to set PATH"));
|
||||
}
|
||||
|
||||
+/* Add or clear /sbin and /usr/sbin for the su command
|
||||
+ used without `-'. */
|
||||
+
|
||||
+/* Set if /sbin is found in path. */
|
||||
+#define SBIN_MASK 0x01
|
||||
+/* Set if /usr/sbin is found in path. */
|
||||
+#define USBIN_MASK 0x02
|
||||
+
|
||||
+static char *
|
||||
+addsbin (const char *const path)
|
||||
+{
|
||||
+ unsigned char smask = 0;
|
||||
+ char *ptr, *tmp, *cur, *ret = NULL;
|
||||
+ size_t len;
|
||||
+
|
||||
+ if (!path || *path == 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ tmp = xstrdup (path);
|
||||
+ cur = tmp;
|
||||
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
|
||||
+ {
|
||||
+ if (!strcmp (ptr, "/sbin"))
|
||||
+ smask |= SBIN_MASK;
|
||||
+ if (!strcmp (ptr, "/usr/sbin"))
|
||||
+ smask |= USBIN_MASK;
|
||||
+ }
|
||||
+
|
||||
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
|
||||
+ {
|
||||
+ free (tmp);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ len = strlen (path);
|
||||
+ if (!(smask & USBIN_MASK))
|
||||
+ len += strlen ("/usr/sbin:");
|
||||
+
|
||||
+ if (!(smask & SBIN_MASK))
|
||||
+ len += strlen (":/sbin");
|
||||
+
|
||||
+ ret = xmalloc (len + 1);
|
||||
+ strcpy (tmp, path);
|
||||
+
|
||||
+ *ret = 0;
|
||||
+ cur = tmp;
|
||||
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
|
||||
+ {
|
||||
+ if (!strcmp (ptr, "."))
|
||||
+ continue;
|
||||
+ if (*ret)
|
||||
+ strcat (ret, ":");
|
||||
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
|
||||
+ {
|
||||
+ strcat (ret, "/usr/sbin:");
|
||||
+ strcat (ret, ptr);
|
||||
+ smask |= USBIN_MASK;
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
|
||||
+ {
|
||||
+ strcat (ret, ptr);
|
||||
+ strcat (ret, ":/sbin");
|
||||
+ smask |= SBIN_MASK;
|
||||
+ continue;
|
||||
+ }
|
||||
+ strcat (ret, ptr);
|
||||
+ }
|
||||
+ free (tmp);
|
||||
+
|
||||
+ if (!(smask & USBIN_MASK))
|
||||
+ strcat (ret, ":/usr/sbin");
|
||||
+
|
||||
+ if (!(smask & SBIN_MASK))
|
||||
+ strcat (ret, ":/sbin");
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static char *
|
||||
+clearsbin (const char *const path)
|
||||
+{
|
||||
+ char *ptr, *tmp, *cur, *ret = NULL;
|
||||
+
|
||||
+ if (!path || *path == 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ tmp = strdup (path);
|
||||
+ if (!tmp)
|
||||
+ return NULL;
|
||||
+
|
||||
+ ret = xmalloc (strlen (path) + 1);
|
||||
+ *ret = 0;
|
||||
+ cur = tmp;
|
||||
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
|
||||
+ {
|
||||
+ if (!strcmp (ptr, "/sbin"))
|
||||
+ continue;
|
||||
+ if (!strcmp (ptr, "/usr/sbin"))
|
||||
+ continue;
|
||||
+ if (!strcmp (ptr, "/usr/local/sbin"))
|
||||
+ continue;
|
||||
+ if (*ret)
|
||||
+ strcat (ret, ":");
|
||||
+ strcat (ret, ptr);
|
||||
+ }
|
||||
+ free (tmp);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/* Update `environ' for the new shell based on PW, with SHELL being
|
||||
the value for the SHELL environment variable. */
|
||||
|
||||
@@ -508,6 +619,22 @@ modify_environment (const struct passwd
|
||||
xsetenv ("SHELL", shell, 1);
|
||||
if (getlogindefs_bool ("ALWAYS_SET_PATH", 0))
|
||||
set_path(pw);
|
||||
+ else
|
||||
+ {
|
||||
+ char const *path = getenv ("PATH");
|
||||
+ char *new = NULL;
|
||||
+
|
||||
+ if (pw->pw_uid)
|
||||
+ new = clearsbin (path);
|
||||
+ else
|
||||
+ new = addsbin (path);
|
||||
+
|
||||
+ if (new)
|
||||
+ {
|
||||
+ xsetenv ("PATH", new, 1);
|
||||
+ free (new);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (pw->pw_uid)
|
||||
{
|
@ -1,51 +0,0 @@
|
||||
From 10389b1e4535dda7d27e5ab39d3d4f9d7868a5c9 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Mon, 28 May 2012 12:26:41 +0200
|
||||
Subject: [PATCH] mount: (new) add loopdev specific error message
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
sys-utils/mount.c | 15 ++++++++++++---
|
||||
1 files changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/sys-utils/mount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
||||
+++ util-linux-2.21.2/sys-utils/mount.c
|
||||
@@ -354,6 +354,9 @@ try_readonly:
|
||||
return MOUNT_EX_SUCCESS; /* mount(2) success */
|
||||
}
|
||||
|
||||
+ mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */
|
||||
+ mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */
|
||||
+
|
||||
if (!mnt_context_syscall_called(cxt)) {
|
||||
/*
|
||||
* libmount errors (extra library checks)
|
||||
@@ -382,7 +385,15 @@ try_readonly:
|
||||
else
|
||||
warnx(_("mount source not defined"));
|
||||
return MOUNT_EX_USAGE;
|
||||
-
|
||||
+ case -MNT_ERR_LOOPDEV:
|
||||
+ if (errno == ENOENT
|
||||
+ && (uflags & MNT_MS_ENCRYPTION)
|
||||
+ && src && stat(src, &st) == 0)
|
||||
+ warnx(_("%s: failed to setup loop device "
|
||||
+ "(probably unknown encryption type)"), src);
|
||||
+ else
|
||||
+ warn(_("%s: failed to setup loop device"), src);
|
||||
+ return MOUNT_EX_FAIL;
|
||||
default:
|
||||
return handle_generic_errors(rc, _("%s: mount failed"),
|
||||
tgt ? tgt : src);
|
||||
@@ -406,8 +417,6 @@ try_readonly:
|
||||
*/
|
||||
syserr = mnt_context_get_syscall_errno(cxt);
|
||||
|
||||
- mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */
|
||||
- mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */
|
||||
|
||||
switch(syserr) {
|
||||
case EPERM:
|
@ -1,25 +0,0 @@
|
||||
From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Thu, 14 Jun 2012 14:43:21 +0200
|
||||
Subject: [PATCH] mount: (new) allow sloppy for non-root
|
||||
|
||||
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
sys-utils/mount.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/sys-utils/mount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
||||
+++ util-linux-2.21.2/sys-utils/mount.c
|
||||
@@ -732,7 +732,7 @@ int main(int argc, char **argv)
|
||||
longopts, NULL)) != -1) {
|
||||
|
||||
/* only few options are allowed for non-root users */
|
||||
- if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c))
|
||||
+ if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c))
|
||||
exit_non_root(option_to_longopt(c, longopts));
|
||||
|
||||
switch(c) {
|
@ -1,46 +0,0 @@
|
||||
From 58f108ef2b9c8cc0362e7781a72e5e921dc383b3 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Tue, 17 Apr 2012 11:36:36 +0200
|
||||
Subject: [PATCH] mount: (new) improve error messages
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
sys-utils/mount.c | 15 +++++++--------
|
||||
1 files changed, 7 insertions(+), 8 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/sys-utils/mount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
||||
+++ util-linux-2.21.2/sys-utils/mount.c
|
||||
@@ -367,16 +367,13 @@ try_readonly:
|
||||
return MOUNT_EX_USAGE;
|
||||
}
|
||||
|
||||
- /*
|
||||
- * TODO: add mnt_context_fstab_applied() to check if we found
|
||||
- * target/source in the file.
|
||||
- */
|
||||
- if (!tgt) {
|
||||
- if (mflags & MS_REMOUNT)
|
||||
- warnx(_("%s not mounted"), src ? src : tgt);
|
||||
- else
|
||||
+ if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
|
||||
+ if (!mnt_context_fstab_applied(cxt))
|
||||
warnx(_("can't find %s in %s"), src ? src : tgt,
|
||||
mnt_get_fstab_path());
|
||||
+ else if (mflags & MS_REMOUNT)
|
||||
+ warnx(_("%s not mounted"), src ? src : tgt);
|
||||
+
|
||||
return MOUNT_EX_USAGE;
|
||||
}
|
||||
|
||||
@@ -485,6 +482,8 @@ try_readonly:
|
||||
case EINVAL:
|
||||
if (mflags & MS_REMOUNT)
|
||||
warnx(_("%s not mounted or bad option"), tgt);
|
||||
+ else if (mflags & MS_PROPAGATION)
|
||||
+ warnx(_("%s is not mountpoint or bad option"), tgt);
|
||||
else
|
||||
warnx(_("wrong fs type, bad option, bad superblock on %s,\n"
|
||||
" missing codepage or helper program, or other error"),
|
@ -1,56 +0,0 @@
|
||||
From ba24923e97e099668b8c96dba9596c90cb58c417 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Tue, 24 Apr 2012 11:59:18 +0200
|
||||
Subject: [PATCH] mount: (new) use MNT_ERR_ for error messages
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
sys-utils/mount.c | 27 +++++++++++++--------------
|
||||
1 files changed, 13 insertions(+), 14 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/sys-utils/mount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
||||
+++ util-linux-2.21.2/sys-utils/mount.c
|
||||
@@ -365,29 +365,28 @@ try_readonly:
|
||||
case -EBUSY:
|
||||
warnx(_("%s is already mounted"), src);
|
||||
return MOUNT_EX_USAGE;
|
||||
- }
|
||||
-
|
||||
- if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
|
||||
- if (!mnt_context_fstab_applied(cxt))
|
||||
+ case -MNT_ERR_NOFSTAB:
|
||||
warnx(_("can't find %s in %s"), src ? src : tgt,
|
||||
mnt_get_fstab_path());
|
||||
- else if (mflags & MS_REMOUNT)
|
||||
- warnx(_("%s not mounted"), src ? src : tgt);
|
||||
-
|
||||
return MOUNT_EX_USAGE;
|
||||
- }
|
||||
-
|
||||
- if (!mnt_context_get_fstype(cxt)) {
|
||||
+ case -MNT_ERR_NOFSTYPE:
|
||||
if (restricted)
|
||||
warnx(_("I could not determine the filesystem type, "
|
||||
"and none was specified"));
|
||||
else
|
||||
warnx(_("you must specify the filesystem type"));
|
||||
return MOUNT_EX_USAGE;
|
||||
- }
|
||||
+ case -MNT_ERR_NOSOURCE:
|
||||
+ if (src)
|
||||
+ warnx(_("can't find %s"), src);
|
||||
+ else
|
||||
+ warnx(_("mount source not defined"));
|
||||
+ return MOUNT_EX_USAGE;
|
||||
+
|
||||
+ default:
|
||||
return handle_generic_errors(rc, _("%s: mount failed"),
|
||||
tgt ? tgt : src);
|
||||
-
|
||||
+ }
|
||||
} else if (mnt_context_get_syscall_errno(cxt) == 0) {
|
||||
/*
|
||||
* mount(2) syscall success, but something else failed
|
@ -1,102 +0,0 @@
|
||||
From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Mon, 26 Nov 2012 14:30:22 +0100
|
||||
Subject: [PATCH] mount: sanitize paths from non-root users
|
||||
|
||||
$ mount /root/.ssh/../../dev/sda2
|
||||
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
|
||||
|
||||
this is too promiscuous. It seems better to ignore on command line
|
||||
specified paths which are not resolve-able for non-root users.
|
||||
|
||||
Fixed version:
|
||||
|
||||
$ mount /root/.ssh/../../dev/sda2
|
||||
mount: /root/.ssh/../../dev/sda2: Permission denied
|
||||
|
||||
$ mount /dev/sda2
|
||||
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
|
||||
|
||||
Note that this bug has no relation to mount(2) permissions evaluation
|
||||
in suid mode. The way how non-root user specifies paths on command
|
||||
line is completely irrelevant for comparison with fstab entries.
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
sys-utils/Makefile.am | 1 +
|
||||
sys-utils/mount.c | 35 +++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 36 insertions(+)
|
||||
|
||||
Index: util-linux-2.21.2/sys-utils/Makefile.am
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
|
||||
+++ util-linux-2.21.2/sys-utils/Makefile.am
|
||||
@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab.
|
||||
mount_SOURCES = mount.c \
|
||||
$(top_srcdir)/lib/env.c \
|
||||
$(top_srcdir)/lib/xgetpass.c \
|
||||
+ $(top_srcdir)/lib/canonicalize.c \
|
||||
$(top_srcdir)/lib/strutils.c
|
||||
|
||||
mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
|
||||
Index: util-linux-2.21.2/sys-utils/mount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
||||
+++ util-linux-2.21.2/sys-utils/mount.c
|
||||
@@ -38,6 +38,7 @@
|
||||
#include "strutils.h"
|
||||
#include "exitcodes.h"
|
||||
#include "xalloc.h"
|
||||
+#include "canonicalize.h"
|
||||
|
||||
/*** TODO: DOCS:
|
||||
*
|
||||
@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab
|
||||
return fstab;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Check source and target paths -- non-root user should not be able to
|
||||
+ * resolve paths which are unreadable for him.
|
||||
+ */
|
||||
+static void sanitize_paths(struct libmnt_context *cxt)
|
||||
+{
|
||||
+ const char *p;
|
||||
+ struct libmnt_fs *fs = mnt_context_get_fs(cxt);
|
||||
+
|
||||
+ if (!fs)
|
||||
+ return;
|
||||
+
|
||||
+ p = mnt_fs_get_target(fs);
|
||||
+ if (p) {
|
||||
+ char *np = canonicalize_path_restricted(p);
|
||||
+ if (!np)
|
||||
+ err(MOUNT_EX_USAGE, "%s", p);
|
||||
+ mnt_fs_set_target(fs, np);
|
||||
+ free(np);
|
||||
+ }
|
||||
+
|
||||
+ p = mnt_fs_get_srcpath(fs);
|
||||
+ if (p) {
|
||||
+ char *np = canonicalize_path_restricted(p);
|
||||
+ if (!np)
|
||||
+ err(MOUNT_EX_USAGE, "%s", p);
|
||||
+ mnt_fs_set_source(fs, np);
|
||||
+ free(np);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void __attribute__((__noreturn__)) usage(FILE *out)
|
||||
{
|
||||
fputs(USAGE_HEADER, out);
|
||||
@@ -880,6 +912,9 @@ int main(int argc, char **argv)
|
||||
} else
|
||||
usage(stderr);
|
||||
|
||||
+ if (mnt_context_is_restricted(cxt))
|
||||
+ sanitize_paths(cxt);
|
||||
+
|
||||
if (oper) {
|
||||
/* MS_PROPAGATION operations, let's set the mount flags */
|
||||
mnt_context_set_mflags(cxt, oper);
|
11
su.default
Normal file
11
su.default
Normal file
@ -0,0 +1,11 @@
|
||||
# Per default, only "su -" will set a new PATH.
|
||||
# If this variable is changed to "yes" (default is "no"),
|
||||
# every su call will overwrite the PATH variable.
|
||||
ALWAYS_SET_PATH=no
|
||||
|
||||
# Default path.
|
||||
PATH=/usr/local/bin:/bin:/usr/bin
|
||||
|
||||
# Default path for a user invoking su to root.
|
||||
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
|
||||
|
8
su.pamd
Normal file
8
su.pamd
Normal file
@ -0,0 +1,8 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth include common-auth
|
||||
account sufficient pam_rootok.so
|
||||
account include common-account
|
||||
password include common-password
|
||||
session include common-session
|
||||
session optional pam_xauth.so
|
@ -1,84 +0,0 @@
|
||||
From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Mon, 26 Nov 2012 16:25:46 +0100
|
||||
Subject: [PATCH] umount: sanitize paths from non-root users
|
||||
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||
---
|
||||
sys-utils/Makefile.am | 4 +++-
|
||||
sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++--
|
||||
2 files changed, 33 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: util-linux-2.21.2/sys-utils/Makefile.am
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
|
||||
+++ util-linux-2.21.2/sys-utils/Makefile.am
|
||||
@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU
|
||||
mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
|
||||
mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
|
||||
|
||||
-umount_SOURCES = umount.c $(top_srcdir)/lib/env.c
|
||||
+umount_SOURCES = umount.c \
|
||||
+ $(top_srcdir)/lib/env.c \
|
||||
+ $(top_srcdir)/lib/canonicalize.c
|
||||
umount_LDADD = $(ul_libmount_la)
|
||||
umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir)
|
||||
umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
|
||||
Index: util-linux-2.21.2/sys-utils/umount.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/sys-utils/umount.c
|
||||
+++ util-linux-2.21.2/sys-utils/umount.c
|
||||
@@ -34,6 +34,7 @@
|
||||
#include "env.h"
|
||||
#include "optutils.h"
|
||||
#include "exitcodes.h"
|
||||
+#include "canonicalize.h"
|
||||
|
||||
static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
|
||||
const char *filename, int line)
|
||||
@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont
|
||||
return rc;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Check path -- non-root user should not be able to resolve path which is
|
||||
+ * unreadable for him.
|
||||
+ */
|
||||
+static char *sanitize_path(const char *path)
|
||||
+{
|
||||
+ char *p;
|
||||
+
|
||||
+ if (!path)
|
||||
+ return NULL;
|
||||
+
|
||||
+ p = canonicalize_path_restricted(path);
|
||||
+ if (!p)
|
||||
+ err(MOUNT_EX_USAGE, "%s", path);
|
||||
+
|
||||
+ return p;
|
||||
+}
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int c, rc = 0, all = 0;
|
||||
@@ -388,8 +407,17 @@ int main(int argc, char **argv)
|
||||
} else if (argc < 1) {
|
||||
usage(stderr);
|
||||
|
||||
- } else while (argc--)
|
||||
- rc += umount_one(cxt, *argv++);
|
||||
+ } else while (argc--) {
|
||||
+ char *path = *argv++;
|
||||
+
|
||||
+ if (mnt_context_is_restricted(cxt))
|
||||
+ path = sanitize_path(path);
|
||||
+
|
||||
+ rc += umount_one(cxt, path);
|
||||
+
|
||||
+ if (mnt_context_is_restricted(cxt))
|
||||
+ free(path);
|
||||
+ }
|
||||
|
||||
mnt_free_context(cxt);
|
||||
return rc;
|
@ -1,20 +0,0 @@
|
||||
Index: util-linux-2.21-rc2/fdisk/fdisk.c
|
||||
===================================================================
|
||||
--- util-linux-2.21-rc2.orig/fdisk/fdisk.c
|
||||
+++ util-linux-2.21-rc2/fdisk/fdisk.c
|
||||
@@ -1767,6 +1767,7 @@ static void check_consistency(struct par
|
||||
/* compute logical ending (c, h, s) */
|
||||
long2chs(get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
|
||||
|
||||
+#if 0
|
||||
/* Same physical / logical beginning? */
|
||||
if (cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) {
|
||||
printf(_("Partition %d has different physical/logical "
|
||||
@@ -1783,7 +1784,6 @@ static void check_consistency(struct par
|
||||
printf(_("logical=(%d, %d, %d)\n"),lec, leh, les);
|
||||
}
|
||||
|
||||
-#if 0
|
||||
/* Beginning on cylinder boundary? */
|
||||
if (pbh != !pbc || pbs != 1) {
|
||||
printf(_("Partition %i does not start on cylinder "
|
@ -1,13 +0,0 @@
|
||||
Index: util-linux-2.21.2/libmount/src/Makefile.am
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/Makefile.am
|
||||
+++ util-linux-2.21.2/libmount/src/Makefile.am
|
||||
@@ -30,7 +30,7 @@ nodist_libmount_la_SOURCES = mountP.h
|
||||
|
||||
libmount_la_LIBADD = $(ul_libblkid_la) $(SELINUX_LIBS)
|
||||
|
||||
-libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) libmount.sym libmount.h.in
|
||||
+libmount_la_DEPENDENCIES = $(ul_libblkid_la) libmount.sym libmount.h.in
|
||||
|
||||
libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/libmount.sym \
|
||||
-version-info $(LIBMOUNT_VERSION_INFO)
|
@ -1,13 +0,0 @@
|
||||
Index: util-linux-2.21.2/libmount/src/context_loopdev.c
|
||||
===================================================================
|
||||
--- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
|
||||
+++ util-linux-2.21.2/libmount/src/context_loopdev.c
|
||||
@@ -199,6 +199,8 @@ int mnt_context_setup_loopdev(struct lib
|
||||
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
|
||||
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
|
||||
DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
|
||||
+ // XXX: nasty for the lib but there's on better way to give a hint atm
|
||||
+ fprintf(stderr, "mount: encryption no longer supported. Please use /etc/crypttab instead (man 5 crypttab)\n");
|
||||
rc = -EINVAL;
|
||||
}
|
||||
|
@ -1,535 +0,0 @@
|
||||
From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001
|
||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Date: Fri, 15 Jun 2012 09:38:36 +0200
|
||||
Subject: [PATCH] remove obsolete encryption support from losetup
|
||||
|
||||
kernel cryptoloop is deprecated since ages and support for cryptoloop in
|
||||
util-linux is incomplete/broken.
|
||||
- no password hashing
|
||||
- last 8 bit of key are always set to zero
|
||||
- no binary keys possible (stops reading key at \n and \0)
|
||||
|
||||
In the past some Distros added the above features with patches. So
|
||||
remove cryptoloop support from util-linux completely to make sure
|
||||
people won't try using it.
|
||||
|
||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
---
|
||||
include/loopdev.h | 3 --
|
||||
lib/loopdev.c | 56 ----------------------------------------
|
||||
libmount/src/context_loopdev.c | 22 +++-------------
|
||||
mount/mount.8 | 9 +-----
|
||||
mount/mount.c | 20 +++++---------
|
||||
sys-utils/losetup.8 | 29 ++------------------
|
||||
sys-utils/losetup.c | 30 +++++----------------
|
||||
sys-utils/mount.8 | 7 +----
|
||||
sys-utils/mount.c | 34 +-----------------------
|
||||
9 files changed, 25 insertions(+), 185 deletions(-)
|
||||
|
||||
diff --git a/include/loopdev.h b/include/loopdev.h
|
||||
index 906bee0..030f215 100644
|
||||
--- a/include/loopdev.h
|
||||
+++ b/include/loopdev.h
|
||||
@@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset);
|
||||
int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit);
|
||||
int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags);
|
||||
int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename);
|
||||
-int loopcxt_set_encryption(struct loopdev_cxt *lc,
|
||||
- const char *encryption,
|
||||
- const char *password);
|
||||
|
||||
extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc);
|
||||
extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno);
|
||||
diff --git a/lib/loopdev.c b/lib/loopdev.c
|
||||
index fd3f9ba..807984e 100644
|
||||
--- a/lib/loopdev.c
|
||||
+++ b/lib/loopdev.c
|
||||
@@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static int digits_only(const char *s)
|
||||
-{
|
||||
- while (*s)
|
||||
- if (!isdigit(*s++))
|
||||
- return 0;
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-/*
|
||||
- * @lc: context
|
||||
- * @encryption: encryption name / type (see lopsetup man page)
|
||||
- * @password
|
||||
- *
|
||||
- * Note that the encryption functionality is deprecated an unmaintained. Use
|
||||
- * cryptsetup (it also supports AES-loops).
|
||||
- *
|
||||
- * The setting is removed by loopcxt_set_device() loopcxt_next()!
|
||||
- *
|
||||
- * Returns: 0 on success, <0 on error.
|
||||
- */
|
||||
-int loopcxt_set_encryption(struct loopdev_cxt *lc,
|
||||
- const char *encryption,
|
||||
- const char *password)
|
||||
-{
|
||||
- if (!lc)
|
||||
- return -EINVAL;
|
||||
-
|
||||
- DBG(lc, loopdev_debug("setting encryption '%s'", encryption));
|
||||
-
|
||||
- if (encryption && *encryption) {
|
||||
- if (digits_only(encryption)) {
|
||||
- lc->info.lo_encrypt_type = atoi(encryption);
|
||||
- } else {
|
||||
- lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
||||
- snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE,
|
||||
- "%s", encryption);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- switch (lc->info.lo_encrypt_type) {
|
||||
- case LO_CRYPT_NONE:
|
||||
- lc->info.lo_encrypt_key_size = 0;
|
||||
- break;
|
||||
- default:
|
||||
- DBG(lc, loopdev_debug("setting encryption key"));
|
||||
- memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE);
|
||||
- strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE);
|
||||
- lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0';
|
||||
- lc->info.lo_encrypt_key_size = LO_KEY_SIZE;
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- DBG(lc, loopdev_debug("encryption successfully set"));
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
/*
|
||||
* @cl: context
|
||||
*
|
||||
diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c
|
||||
index 023c952..863ee3d 100644
|
||||
--- a/libmount/src/context_loopdev.c
|
||||
+++ b/libmount/src/context_loopdev.c
|
||||
@@ -7,7 +7,6 @@
|
||||
|
||||
/*
|
||||
* DOCS: - "lo@" prefix for fstype is unsupported
|
||||
- * - encyption= mount option for loop device is unssuported
|
||||
*/
|
||||
|
||||
#include <blkid.h>
|
||||
@@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt)
|
||||
|
||||
if (cxt->user_mountflags & (MNT_MS_LOOP |
|
||||
MNT_MS_OFFSET |
|
||||
- MNT_MS_SIZELIMIT |
|
||||
- MNT_MS_ENCRYPTION)) {
|
||||
+ MNT_MS_SIZELIMIT)) {
|
||||
|
||||
DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected"));
|
||||
return 1;
|
||||
@@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt,
|
||||
int mnt_context_setup_loopdev(struct libmnt_context *cxt)
|
||||
{
|
||||
const char *backing_file, *optstr, *loopdev = NULL;
|
||||
- char *val = NULL, *enc = NULL, *pwd = NULL;
|
||||
+ char *val = NULL;
|
||||
size_t len;
|
||||
struct loopdev_cxt lc;
|
||||
int rc = 0, lo_flags = 0;
|
||||
@@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
|
||||
*/
|
||||
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
|
||||
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
|
||||
- enc = strndup(val, len);
|
||||
- if (val && !enc)
|
||||
- rc = -ENOMEM;
|
||||
- if (enc && cxt->pwd_get_cb) {
|
||||
- DBG(CXT, mnt_debug_h(cxt, "asking for pass"));
|
||||
- pwd = cxt->pwd_get_cb(cxt);
|
||||
- }
|
||||
+ DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
|
||||
+ rc = -EINVAL;
|
||||
}
|
||||
|
||||
if (rc == 0 && is_mounted_same_loopfile(cxt,
|
||||
@@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
|
||||
rc = loopcxt_set_offset(&lc, offset);
|
||||
if (!rc && sizelimit)
|
||||
rc = loopcxt_set_sizelimit(&lc, sizelimit);
|
||||
- if (!rc && enc && pwd)
|
||||
- loopcxt_set_encryption(&lc, enc, pwd);
|
||||
if (!rc)
|
||||
loopcxt_set_flags(&lc, lo_flags);
|
||||
if (rc) {
|
||||
@@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
|
||||
loopcxt_set_fd(&lc, -1, 0);
|
||||
}
|
||||
done:
|
||||
- free(enc);
|
||||
- if (pwd && cxt->pwd_release_cb) {
|
||||
- DBG(CXT, mnt_debug_h(cxt, "release pass"));
|
||||
- cxt->pwd_release_cb(cxt, pwd);
|
||||
- }
|
||||
loopcxt_deinit(&lc);
|
||||
return rc;
|
||||
}
|
||||
diff --git a/mount/mount.8 b/mount/mount.8
|
||||
index 789d9fe..0644e8e 100644
|
||||
--- a/mount/mount.8
|
||||
+++ b/mount/mount.8
|
||||
@@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
|
||||
file. This option can be used together with the
|
||||
.B \-f
|
||||
flag for already canonicalized absolut paths.
|
||||
-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
|
||||
-In case of a loop mount with encryption, read the passphrase from
|
||||
-file descriptor
|
||||
-.I num
|
||||
-instead of from the terminal.
|
||||
.IP "\fB\-s\fP"
|
||||
Tolerate sloppy mount options rather than failing. This will ignore
|
||||
mount options not supported by a filesystem type. Not all filesystems
|
||||
@@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example:
|
||||
.B "mount -t ext3 /tmp/disk.img /mnt"
|
||||
.sp
|
||||
.RE
|
||||
-This type of mount knows about four options, namely
|
||||
-.BR loop ", " offset ", " sizelimit " and " encryption ,
|
||||
+This type of mount knows about three options, namely
|
||||
+.BR loop ", " offset ", " sizelimit " ,
|
||||
that are really options to
|
||||
.BR \%losetup (8).
|
||||
(These options can be used in addition to those specific
|
||||
diff --git a/mount/mount.c b/mount/mount.c
|
||||
index 396f357..b69fd61 100644
|
||||
--- a/mount/mount.c
|
||||
+++ b/mount/mount.c
|
||||
@@ -83,9 +83,6 @@ static int mounttype = 0;
|
||||
/* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted. */
|
||||
static int restricted = 1;
|
||||
|
||||
-/* Contains the fd to read the passphrase from, if any. */
|
||||
-static int pfd = -1;
|
||||
-
|
||||
#ifdef HAVE_LIBMOUNT_MOUNT
|
||||
static struct libmnt_update *mtab_update;
|
||||
static char *mtab_opts;
|
||||
@@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags,
|
||||
*type = opt_vfstype;
|
||||
}
|
||||
|
||||
- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption);
|
||||
+ *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit);
|
||||
*loopfile = *spec;
|
||||
|
||||
/* Automatically create a loop device from a regular file if a filesystem
|
||||
@@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags,
|
||||
return EX_FAIL;
|
||||
}
|
||||
|
||||
+ if (opt_encryption) {
|
||||
+ error("mount: %s", _("encryption not supported, use cryptsetup(8) instead"));
|
||||
+ return EX_FAIL;
|
||||
+ }
|
||||
+
|
||||
loopcxt_init(&lc, 0);
|
||||
/* loopcxt_enable_debug(&lc, 1); */
|
||||
|
||||
@@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type,
|
||||
#endif /* !HAVE_LIBMOUNT_MOUNT */
|
||||
|
||||
static void
|
||||
-set_pfd(char *s) {
|
||||
- if (!isdigit(*s))
|
||||
- die(EX_USAGE,
|
||||
- _("mount: argument to -p or --pass-fd must be a number"));
|
||||
- pfd = atoi(optarg);
|
||||
-}
|
||||
-
|
||||
-static void
|
||||
cdrom_setspeed(const char *spec) {
|
||||
#define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */
|
||||
if (opt_speed) {
|
||||
@@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) {
|
||||
test_opts = append_opt(test_opts, optarg, NULL);
|
||||
break;
|
||||
case 'p': /* fd on which to read passwd */
|
||||
- set_pfd(optarg);
|
||||
+ error("mount: %s", _("--pass-fd is no longer supported"));
|
||||
break;
|
||||
case 'r': /* mount readonly */
|
||||
readonly = 1;
|
||||
diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8
|
||||
index f50b072..8c69689 100644
|
||||
--- a/sys-utils/losetup.8
|
||||
+++ b/sys-utils/losetup.8
|
||||
@@ -40,8 +40,6 @@ Setup loop device:
|
||||
.sp
|
||||
.in +5
|
||||
.B losetup
|
||||
-.RB [{ \-e | \-E }
|
||||
-.IR encryption ]
|
||||
.RB [ \-o
|
||||
.IR offset ]
|
||||
.RB [ \-\-sizelimit
|
||||
@@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop
|
||||
detach the file or device associated with the specified loop device(s)
|
||||
.IP "\fB\-D, \-\-detach-all\fP"
|
||||
detach all associated loop devices
|
||||
-.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP"
|
||||
-enable data encryption with specified name or number
|
||||
.IP "\fB\-f, \-\-find\fP"
|
||||
find the first unused loop device. If a
|
||||
.I file
|
||||
@@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or
|
||||
device
|
||||
.IP "\fB\-\-sizelimit \fIsize\fP"
|
||||
the data end is set to no more than \fIsize\fP bytes after the data start
|
||||
-.IP "\fB\-p, \-\-pass-fd \fInum\fP"
|
||||
-read the passphrase from file descriptor with number
|
||||
-.I num
|
||||
-instead of from the terminal
|
||||
.IP "\fB\-P, \-\-partscan\fP"
|
||||
force kernel to scan partition table on newly created loop device
|
||||
.IP "\fB\-r, \-\-read-only\fP"
|
||||
@@ -116,25 +108,10 @@ argument are present.
|
||||
verbose mode
|
||||
|
||||
.SH ENCRYPTION
|
||||
-.B Cryptoloop is deprecated in favor of dm-crypt. For more details see
|
||||
-.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e
|
||||
-.B options will be ignored.
|
||||
-
|
||||
-
|
||||
-It is possible to specify transfer functions (for encryption/decryption
|
||||
-or other purposes) using one of the
|
||||
-.B \-E
|
||||
+Cryptoloop is no longer supported in favor of dm-crypt. For more details see
|
||||
+.B cryptsetup (8)
|
||||
and
|
||||
-.B \-e
|
||||
-options.
|
||||
-There are two mechanisms to specify the desired encryption: by number
|
||||
-and by name. If an encryption is specified by number then one
|
||||
-has to make sure that the Linux kernel knows about the encryption with that
|
||||
-number, probably by patching the kernel. Standard numbers that are
|
||||
-always present are 0 (no encryption) and 1 (XOR encryption).
|
||||
-When the cryptoloop module is loaded (or compiled in), it uses number 18.
|
||||
-This cryptoloop module will take the name of an arbitrary encryption type
|
||||
-and find the module that knows how to perform that encryption.
|
||||
+.B crypttab (5).
|
||||
|
||||
.SH RETURN VALUE
|
||||
.B losetup
|
||||
diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c
|
||||
index 9f03151..2513253 100644
|
||||
--- a/sys-utils/losetup.c
|
||||
+++ b/sys-utils/losetup.c
|
||||
@@ -18,7 +18,6 @@
|
||||
#include "nls.h"
|
||||
#include "strutils.h"
|
||||
#include "loopdev.h"
|
||||
-#include "xgetpass.h"
|
||||
|
||||
enum {
|
||||
A_CREATE = 1, /* setup a new device */
|
||||
@@ -164,10 +163,8 @@ static void usage(FILE *out)
|
||||
" -j, --associated <file> list all devices associated with <file>\n"), out);
|
||||
fputs(USAGE_SEPARATOR, out);
|
||||
|
||||
- fputs(_(" -e, --encryption <type> enable encryption with specified <name/num>\n"
|
||||
- " -o, --offset <num> start at offset <num> into file\n"
|
||||
+ fputs(_(" -o, --offset <num> start at offset <num> into file\n"
|
||||
" --sizelimit <num> device limited to <num> bytes of the file\n"
|
||||
- " -p, --pass-fd <num> read passphrase from file descriptor <num>\n"
|
||||
" -P, --partscan create partitioned loop device\n"
|
||||
" -r, --read-only setup read-only loop device\n"
|
||||
" --show print device name after setup (with -f)\n"
|
||||
@@ -185,8 +182,8 @@ static void usage(FILE *out)
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
struct loopdev_cxt lc;
|
||||
- int act = 0, flags = 0, passfd = -1, c;
|
||||
- char *file = NULL, *encryption = NULL;
|
||||
+ int act = 0, flags = 0, c;
|
||||
+ char *file = NULL;
|
||||
uint64_t offset = 0, sizelimit = 0;
|
||||
int res = 0, showdev = 0, lo_flags = 0;
|
||||
|
||||
@@ -249,7 +246,7 @@ int main(int argc, char **argv)
|
||||
break;
|
||||
case 'E':
|
||||
case 'e':
|
||||
- encryption = optarg;
|
||||
+ errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead"));
|
||||
break;
|
||||
case 'f':
|
||||
act = A_FIND_FREE;
|
||||
@@ -268,8 +265,7 @@ int main(int argc, char **argv)
|
||||
flags |= LOOPDEV_FL_OFFSET;
|
||||
break;
|
||||
case 'p':
|
||||
- passfd = strtol_or_err(optarg,
|
||||
- _("invalid passphrase file descriptor"));
|
||||
+ warn(_("--pass-fd is no longer supported"));
|
||||
break;
|
||||
case 'P':
|
||||
lo_flags |= LO_FLAGS_PARTSCAN;
|
||||
@@ -327,10 +323,10 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
if (act != A_CREATE &&
|
||||
- (encryption || sizelimit || passfd != -1 || lo_flags || showdev))
|
||||
+ (sizelimit || lo_flags || showdev))
|
||||
errx(EXIT_FAILURE,
|
||||
_("the options %s are allowed to loop device setup only"),
|
||||
- "--{encryption,sizelimit,pass-fd,read-only,show}");
|
||||
+ "--{sizelimit,read-only,show}");
|
||||
|
||||
if ((flags & LOOPDEV_FL_OFFSET) &&
|
||||
act != A_CREATE && (act != A_SHOW || !file))
|
||||
@@ -339,16 +335,8 @@ int main(int argc, char **argv)
|
||||
switch (act) {
|
||||
case A_CREATE:
|
||||
{
|
||||
- char *pass = NULL;
|
||||
int hasdev = loopcxt_has_device(&lc);
|
||||
|
||||
- if (encryption) {
|
||||
-#ifdef MCL_FUTURE
|
||||
- if(mlockall(MCL_CURRENT | MCL_FUTURE))
|
||||
- err(EXIT_FAILURE, _("couldn't lock into memory"));
|
||||
-#endif
|
||||
- pass = xgetpass(passfd, _("Password: "));
|
||||
- }
|
||||
do {
|
||||
/* Note that loopcxt_{find_unused,set_device}() resets
|
||||
* loopcxt struct.
|
||||
@@ -357,8 +345,6 @@ int main(int argc, char **argv)
|
||||
warnx(_("not found unused device"));
|
||||
break;
|
||||
}
|
||||
- if (encryption && pass)
|
||||
- loopcxt_set_encryption(&lc, encryption, pass);
|
||||
if (flags & LOOPDEV_FL_OFFSET)
|
||||
loopcxt_set_offset(&lc, offset);
|
||||
if (flags & LOOPDEV_FL_SIZELIMIT)
|
||||
@@ -379,8 +365,6 @@ int main(int argc, char **argv)
|
||||
}
|
||||
} while (hasdev == 0);
|
||||
|
||||
- free(pass);
|
||||
-
|
||||
if (showdev && res == 0)
|
||||
printf("%s\n", loopcxt_get_device(&lc));
|
||||
break;
|
||||
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
|
||||
index 4f8af0a..73f5170 100644
|
||||
--- a/sys-utils/mount.8
|
||||
+++ b/sys-utils/mount.8
|
||||
@@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
|
||||
file. This option can be used together with the
|
||||
.B \-f
|
||||
flag for already canonicalized absolut paths.
|
||||
-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
|
||||
-In case of a loop mount with encryption, read the passphrase from
|
||||
-file descriptor
|
||||
-.I num
|
||||
-instead of from the terminal.
|
||||
.IP "\fB\-s\fP"
|
||||
Tolerate sloppy mount options rather than failing. This will ignore
|
||||
mount options not supported by a filesystem type. Not all filesystems
|
||||
@@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example:
|
||||
.sp
|
||||
.RE
|
||||
This type of mount knows about four options, namely
|
||||
-.BR loop ", " offset ", " sizelimit " and " encryption ,
|
||||
+.BR loop ", " offset ", " sizelimit ",
|
||||
that are really options to
|
||||
.BR \%losetup (8).
|
||||
(These options can be used in addition to those specific
|
||||
diff --git a/sys-utils/mount.c b/sys-utils/mount.c
|
||||
index 7f2d5d8..031fd31 100644
|
||||
--- a/sys-utils/mount.c
|
||||
+++ b/sys-utils/mount.c
|
||||
@@ -36,7 +36,6 @@
|
||||
#include "env.h"
|
||||
#include "optutils.h"
|
||||
#include "strutils.h"
|
||||
-#include "xgetpass.h"
|
||||
#include "exitcodes.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
@@ -49,7 +48,6 @@
|
||||
* --options-source-force MNT_OMODE_FORCE
|
||||
*/
|
||||
|
||||
-static int passfd = -1;
|
||||
static int readwrite;
|
||||
|
||||
static int mk_exit_code(struct libmnt_context *cxt, int rc);
|
||||
@@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static char *encrypt_pass_get(struct libmnt_context *cxt)
|
||||
-{
|
||||
- if (!cxt)
|
||||
- return 0;
|
||||
-
|
||||
-#ifdef MCL_FUTURE
|
||||
- if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
|
||||
- warn(_("couldn't lock into memory"));
|
||||
- return NULL;
|
||||
- }
|
||||
-#endif
|
||||
- return xgetpass(passfd, _("Password: "));
|
||||
-}
|
||||
-
|
||||
-static void encrypt_pass_release(struct libmnt_context *cxt
|
||||
- __attribute__((__unused__)), char *pwd)
|
||||
-{
|
||||
- char *p = pwd;
|
||||
-
|
||||
- while (p && *p)
|
||||
- *p++ = '\0';
|
||||
-
|
||||
- free(pwd);
|
||||
- munlockall();
|
||||
-}
|
||||
-
|
||||
static void print_all(struct libmnt_context *cxt, char *pattern, int show_label)
|
||||
{
|
||||
struct libmnt_table *tb;
|
||||
@@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out)
|
||||
fprintf(out, _(
|
||||
" -o, --options <list> comma-separated list of mount options\n"
|
||||
" -O, --test-opts <list> limit the set of filesystems (use with -a)\n"
|
||||
- " -p, --pass-fd <num> read the passphrase from file descriptor\n"
|
||||
" -r, --read-only mount the filesystem read-only (same as -o ro)\n"
|
||||
" -t, --types <list> limit the set of filesystem types\n"));
|
||||
fprintf(out, _(
|
||||
@@ -782,8 +753,7 @@ int main(int argc, char **argv)
|
||||
err(MOUNT_EX_SYSERR, _("failed to set options pattern"));
|
||||
break;
|
||||
case 'p':
|
||||
- passfd = strtol_or_err(optarg,
|
||||
- _("invalid passphrase file descriptor"));
|
||||
+ warnx(_("--pass-fd is no longer supported"));
|
||||
break;
|
||||
case 'L':
|
||||
case 'U':
|
||||
@@ -864,8 +834,6 @@ int main(int argc, char **argv)
|
||||
else if (types)
|
||||
mnt_context_set_fstype(cxt, types);
|
||||
|
||||
- mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release);
|
||||
-
|
||||
if (all) {
|
||||
/*
|
||||
* A) Mount all
|
||||
--
|
||||
1.7.7
|
||||
|
BIN
util-linux-2.21.2.tar.bz2
(Stored with Git LFS)
BIN
util-linux-2.21.2.tar.bz2
(Stored with Git LFS)
Binary file not shown.
13
util-linux-2.23.1-eject-fpie.patch
Normal file
13
util-linux-2.23.1-eject-fpie.patch
Normal file
@ -0,0 +1,13 @@
|
||||
--- util-linux-2.23.1/sys-utils/Makemodule.am
|
||||
+++ util-linux-2.23.1/sys-utils/Makemodule.am 2013-06-05 12:55:10.921439066 +0000
|
||||
@@ -142,8 +142,8 @@ endif # LINUX
|
||||
if BUILD_EJECT
|
||||
usrbin_exec_PROGRAMS += eject
|
||||
eject_SOURCES = sys-utils/eject.c
|
||||
-eject_LDADD = $(LDADD) libmount.la libcommon.la
|
||||
-eject_CFLAGS = $(AM_CFLAGS) -I$(ul_libmount_incdir)
|
||||
+eject_LDADD = $(SUID_LDFLAGS) $(LDADD) libmount.la libcommon.la
|
||||
+eject_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
|
||||
dist_man_MANS += sys-utils/eject.1
|
||||
endif
|
||||
|
20
util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
Normal file
20
util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
Normal file
@ -0,0 +1,20 @@
|
||||
--- util-linux-2.23.1/fdisks/fdiskdoslabel.c
|
||||
+++ util-linux-2.23.1/fdisks/fdiskdoslabel.c 2013-06-05 10:11:14.121939007 +0000
|
||||
@@ -817,7 +817,7 @@ static void check_consistency(struct fdi
|
||||
|
||||
/* compute logical ending (c, h, s) */
|
||||
long2chs(cxt, get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
|
||||
-
|
||||
+#if 0
|
||||
/* Same physical / logical beginning? */
|
||||
if (cxt->geom.cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) {
|
||||
printf(_("Partition %zd has different physical/logical "
|
||||
@@ -833,7 +833,7 @@ static void check_consistency(struct fdi
|
||||
printf(_(" phys=(%d, %d, %d) "), pec, peh, pes);
|
||||
printf(_("logical=(%d, %d, %d)\n"),lec, leh, les);
|
||||
}
|
||||
-
|
||||
+#endif
|
||||
/* Ending on cylinder boundary? */
|
||||
if (peh != (cxt->geom.heads - 1) || pes != cxt->geom.sectors) {
|
||||
printf(_("Partition %zd does not end on cylinder boundary.\n"),
|
12
util-linux-2.23.1-noenc-suse.diff
Normal file
12
util-linux-2.23.1-noenc-suse.diff
Normal file
@ -0,0 +1,12 @@
|
||||
--- util-linux-2.23.1/libmount/src/context_loopdev.c
|
||||
+++ util-linux-2.23.1/libmount/src/context_loopdev.c 2013-06-05 09:44:37.081939564 +0000
|
||||
@@ -213,6 +213,9 @@ int mnt_context_setup_loopdev(struct lib
|
||||
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
|
||||
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
|
||||
DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
|
||||
+ // XXX: nasty for the lib but there's on better way to give a hint atm
|
||||
+ fprintf(stderr, "mount: encryption no longer supported.\n"
|
||||
+ " Please use /etc/crypttab instead (man 5 crypttab)\n");
|
||||
rc = -MNT_ERR_MOUNTOPT;
|
||||
}
|
||||
|
BIN
util-linux-2.23.1.tar.bz2
(Stored with Git LFS)
Normal file
BIN
util-linux-2.23.1.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -4,4 +4,10 @@ addFilter("incoherent-init-script-name raw")
|
||||
addFilter("no-reload-entry /etc/init.d/raw")
|
||||
# There is no egrep(1) used -> False positive
|
||||
addFilter("deprecated-grep")
|
||||
# Both pam configs for su and su-l are marked as noreplace
|
||||
addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*")
|
||||
# Useless warning as the /usr/bin variants are known
|
||||
addFilter(".*W:.*permissions-symlink.*/bin/su.*")
|
||||
addFilter(".*W:.*permissions-symlink.*/bin/umount.*")
|
||||
addFilter(".*W:.*permissions-symlink.*/bin/mount.*")
|
||||
|
||||
|
@ -1,3 +1,75 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 7 00:13:25 UTC 2013 - mail@bernhard-voelker.de
|
||||
|
||||
- util-linux.spec: work around su(1) PAM problems based on su(1)
|
||||
being provided by both the coreutils and the util-linux package.
|
||||
Fix macro typo in %post and %verifyscript sections related to su(1):
|
||||
s/sysvinit_tools/enable_su/
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 6 08:27:43 UTC 2013 - werner@suse.de
|
||||
|
||||
- Add make-sure-sbin-resp-usr-sbin-are-in-PATH.diff, that is include
|
||||
the old "let `su' handle /sbin and /usr/sbin in path"
|
||||
- Provide the new eject utility to avoid file conflict with old
|
||||
eject package
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de
|
||||
|
||||
- Update to util-linux-2.23.1
|
||||
+ Release highlights (2.22)
|
||||
su(1):
|
||||
* has been merged from coreutils into util-linux
|
||||
* utils-linux version uses /etc/pam.d/su-l PAM config file for --login
|
||||
(e.g. "su -") session.
|
||||
sulogin(8):
|
||||
* has been merged from sysvinit into util-linux
|
||||
utmpdump(1):
|
||||
* has been merged from sysvinit into util-linux
|
||||
eject(1):
|
||||
* has been merged from inactive upstream from sf.net and Fedora into util-linux
|
||||
* supports new options --manualeject, --force and --no-partitions-unmount
|
||||
lslocks(1)
|
||||
* this NEW COMMAND prints local system locks and it's replacement to very
|
||||
long time unmaintained lslk(1)
|
||||
wdctl(8):
|
||||
* this NEW COMMAND shows hardware watchdog status
|
||||
libuuid:
|
||||
* does NOT EXECUTE uuidd on demand, the daemon has to be started by
|
||||
init scripts / systemd
|
||||
uuidd:
|
||||
* supports socket activation (for systemd)
|
||||
* supports new options -no-fork, --no-pid and --socket-activation
|
||||
+ Release highlights (2.23)
|
||||
blkdiscard(8):
|
||||
* this NEW COMMAND discard sectors on a device (for example on SSD disks)
|
||||
sulogin(8):
|
||||
* provides multi-console feature from SysVinit
|
||||
- Removed following patches now upstream
|
||||
* 0001-Test-for-secure_getenv-too.patch
|
||||
* 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
|
||||
* add-canonicalize_path_restricted.patch
|
||||
* fdiskbsdlabel.patch
|
||||
* libmount-add-MNT_ERR_LOOPDEV.patch
|
||||
* libmount-add-special-MNT_ERR-codes.patch
|
||||
* libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
|
||||
* login-close-tty-before-vhangup.patch
|
||||
* mount-new-add-loopdev-specific-error-message.patch
|
||||
* mount-new-allow-sloppy-for-non-root.patch
|
||||
* mount-new-improve-error-messages.patch
|
||||
* mount-new-use-MNT_ERR-for-error-messages.patch
|
||||
* mount-sanitize-paths-from-non-root-users.patch
|
||||
* util-linux-2.21.2-noenc.diff
|
||||
* umount-sanitize-paths-from-non-root-users.patch
|
||||
- Removed following patch which otherwise cause to break build
|
||||
* util-linux-2.20-libmount-deps.patch
|
||||
- Refreshed following patches with updating version string
|
||||
* util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
|
||||
* util-linux-2.23.1-noenc-suse.diff
|
||||
- Add util-linux-2.23.1-eject-fpie.patch to compile and link eject
|
||||
with PIE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 29 11:45:04 UTC 2013 - ihno@suse.com
|
||||
|
||||
|
269
util-linux.spec
269
util-linux.spec
@ -16,6 +16,26 @@
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
# Following package should be fixed:
|
||||
# coreutils ... do not install su and kill
|
||||
# sysvinit-tools ... do not install sulogin and utmpdump
|
||||
# eject ... simply drop this package
|
||||
#
|
||||
%bcond_without sysvinit_tools
|
||||
%bcond_without enable_su
|
||||
%bcond_without enable_eject
|
||||
|
||||
# === MOVING SU TRICKERY (0/3) START ===
|
||||
# Work around su(1) PAM problems based on su(1) being provided by both the
|
||||
# coreutils and the util-linux package. In the case the former is installed
|
||||
# first, the latter will save the config files as ".rpmnew". When the new
|
||||
# su(1)-less coreutils package is then installed, the `trickery (tm)` symlinks
|
||||
# of the config files would then remain as dangling.
|
||||
# This "MOVING SU TRICKERY" consists of 3 parts: 1/3, 2/3 and 3/3.
|
||||
# This hack can go away when the new su-less coreutils package is out.
|
||||
# === MOVING SU TRICKERY (0/3) END ===
|
||||
|
||||
Name: util-linux
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: binutils-devel
|
||||
@ -28,8 +48,10 @@ BuildRequires: ncurses-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: readline-devel
|
||||
BuildRequires: utempter-devel
|
||||
BuildRequires: zlib-devel
|
||||
Version: 2.21.2
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
Version: 2.23.1
|
||||
Release: 0
|
||||
# util-linux is a base package and uuidd pre-requiring pwdutils pulls
|
||||
# that into the core build cycle. pwdutils also pulls in the whole
|
||||
@ -37,7 +59,7 @@ Release: 0
|
||||
# make the rpm install check of uuidd happy which has support to work without
|
||||
# these tools as well
|
||||
#!BuildIgnore: pwdutils
|
||||
Url: http://kernel.org/~kzak/util-linux/
|
||||
Url: https://www.kernel.org/pub/linux/utils/util-linux/
|
||||
Supplements: filesystem(minix)
|
||||
Provides: fsck-with-dev-lock = %{version}
|
||||
# bnc#651598:
|
||||
@ -58,9 +80,11 @@ Source6: etc_filesystems
|
||||
Source7: baselibs.conf
|
||||
Source8: login.pamd
|
||||
Source9: remote.pamd
|
||||
Source10: su.pamd
|
||||
Source11: su.default
|
||||
# TODO: split to separate package
|
||||
Source11: klogconsole.tar.bz2
|
||||
# XXX: needed?
|
||||
Source40: klogconsole.tar.bz2
|
||||
# XXX: Run a program in a new session and with controlling tty
|
||||
Source22: setctsid.c
|
||||
Source23: setctsid.8
|
||||
# XXX: ppc specific, still needed?
|
||||
@ -76,40 +100,18 @@ Source51: blkid.conf
|
||||
## util-linux patches
|
||||
##
|
||||
# 241372 - remove legacy warnings from fdisk
|
||||
Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
|
||||
Patch2: util-linux-2.20-libmount-deps.patch
|
||||
Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
|
||||
Patch2: util-linux-2.23.1-eject-fpie.patch
|
||||
Patch3: fdisk-tinfo.patch
|
||||
Patch4: mount-new-allow-sloppy-for-non-root.patch
|
||||
Patch5: libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
|
||||
|
||||
# Patches 6-10: bcn#767208 (taken from upstream
|
||||
Patch6: mount-new-improve-error-messages.patch
|
||||
Patch7: libmount-add-special-MNT_ERR-codes.patch
|
||||
Patch8: mount-new-use-MNT_ERR-for-error-messages.patch
|
||||
Patch9: libmount-add-MNT_ERR_LOOPDEV.patch
|
||||
Patch10: mount-new-add-loopdev-specific-error-message.patch
|
||||
# PATCH-EXTEND-UPSTREAM: Let `su' handle /sbin and /usr/sbin in path
|
||||
Patch4: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
|
||||
|
||||
# disable encryption
|
||||
Patch11: util-linux-2.21.2-noenc.diff
|
||||
Patch12: util-linux-2.21.2-noenc-suse.diff
|
||||
|
||||
Patch13: login-close-tty-before-vhangup.patch
|
||||
Patch12: util-linux-2.23.1-noenc-suse.diff
|
||||
|
||||
# hack for boot.localfs
|
||||
Patch20: util-linux-HACK-boot.localfs.diff
|
||||
|
||||
Patch21: 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
|
||||
|
||||
#bnc#797002
|
||||
Patch22: add-canonicalize_path_restricted.patch
|
||||
Patch23: mount-sanitize-paths-from-non-root-users.patch
|
||||
Patch24: umount-sanitize-paths-from-non-root-users.patch
|
||||
#####
|
||||
# There is no __secure_getenv anymore..
|
||||
Patch25: 0001-Test-for-secure_getenv-too.patch
|
||||
|
||||
# fix fdisk compilation on aarch64
|
||||
Patch26: fdiskbsdlabel.patch
|
||||
##
|
||||
## klogconsole
|
||||
##
|
||||
@ -124,12 +126,14 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: %insserv_prereq %fillup_prereq /bin/sed
|
||||
#
|
||||
Provides: base = %{version}-%{release}
|
||||
Provides: eject = %{version}-%{release}
|
||||
Provides: login = 4.0-33.7
|
||||
Provides: raw = %{version}-%{release}
|
||||
Provides: rawio = %{version}-%{release}
|
||||
Provides: util = %{version}-%{release}
|
||||
Provides: uuid-runtime = %{version}-%{release}
|
||||
Obsoletes: base < %{version}-%{release}
|
||||
Obsoletes: eject < %{version}-%{release}
|
||||
Obsoletes: login < 4.0-33.7
|
||||
Obsoletes: raw < %{version}-%{release}
|
||||
Obsoletes: rawio < %{version}-%{release}
|
||||
@ -211,52 +215,47 @@ Files to develop applications using the libmount library.
|
||||
|
||||
%lang_package
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version} -b 11
|
||||
%setup -q -n %{name}-%{version} -b 40
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
#
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
#
|
||||
# setctsid
|
||||
cp %{S:22} %{S:23} .
|
||||
cp -p %{S:22} %{S:23} .
|
||||
# nologin
|
||||
cp %{S:2} %{S:3} %{S:26} %{S:30} .
|
||||
cp -p %{S:2} %{S:3} %{S:26} %{S:30} .
|
||||
|
||||
%patch60 -p1
|
||||
%patch61 -p1
|
||||
|
||||
cd ../klogconsole
|
||||
pushd ../klogconsole
|
||||
%patch55 -p1
|
||||
%patch56 -p1
|
||||
popd
|
||||
|
||||
%build
|
||||
pushd ../
|
||||
pushd ../klogconsole
|
||||
# klogconsole build
|
||||
cd klogconsole
|
||||
make %{?_smp_mflags} CFLAGS="%{optflags}" CC="%{__cc}"
|
||||
cd ..
|
||||
popd
|
||||
# setctsid build
|
||||
rm -f setctsid
|
||||
make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}"
|
||||
#
|
||||
# Version check for libutempter
|
||||
#
|
||||
uhead=$(find %_includedir -name utempter.h 2>/dev/null)
|
||||
if test -n "$uhead" && grep -q utempter_add_record "$uhead"
|
||||
then
|
||||
uhead=--with-utempter
|
||||
else
|
||||
uhead=--without-utempter
|
||||
fi
|
||||
#
|
||||
# util-linux itself
|
||||
#
|
||||
autoreconf -fi
|
||||
@ -264,16 +263,41 @@ export SUID_CFLAGS="-fpie"
|
||||
export SUID_LDFLAGS="-pie"
|
||||
%configure \
|
||||
--with-audit \
|
||||
--with-gnu-ld \
|
||||
--with-ncurses \
|
||||
--with-selinux \
|
||||
$uhead \
|
||||
--with-systemdsystemunitdir=%_unitdir \
|
||||
--with-bashcompletiondir=%{_datadir}/bash-completion \
|
||||
--enable-mesg \
|
||||
--enable-partx \
|
||||
--enable-raw \
|
||||
--enable-write \
|
||||
--enable-line \
|
||||
--enable-new-mount \
|
||||
--enable-ddate \
|
||||
--enable-login-utils \
|
||||
--enable-tunelp \
|
||||
--enable-logger \
|
||||
%if %{with enable_eject}
|
||||
--enable-eject \
|
||||
%else
|
||||
--disable-eject \
|
||||
%endif
|
||||
%if %{with sysvinit_tools}
|
||||
--enable-sulogin \
|
||||
--enable-sulogin-emergency-mount \
|
||||
--enable-mountpoint \
|
||||
%else
|
||||
--disable-sulogin \
|
||||
--disable-mountpoint \
|
||||
%endif
|
||||
%if %{with enable_su}
|
||||
--enable-kill \
|
||||
--enable-su \
|
||||
%else
|
||||
--disable-su \
|
||||
--disable-kill \
|
||||
%endif
|
||||
--disable-use-tty-group \
|
||||
--disable-static \
|
||||
--disable-silent-rules \
|
||||
@ -286,17 +310,28 @@ make %{?_smp_mflags}
|
||||
%{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31}
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}{/etc/init.d,/etc/pam.d,%{_mandir}/man{1,8},/bin,/sbin,/usr/bin,/usr/sbin,%{_infodir}}
|
||||
mkdir -p %{buildroot}{%{_sysconfdir}/{init.d,pam.d,default},%{_mandir}/man{1,8},/bin,/sbin,%{_bindir},%{_sbindir},%{_infodir}}
|
||||
mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/
|
||||
mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/
|
||||
install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd
|
||||
install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
|
||||
install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login
|
||||
install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote
|
||||
install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/login
|
||||
install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/remote
|
||||
%if %{with enable_su}
|
||||
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su
|
||||
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l
|
||||
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su
|
||||
# === MOVING SU TRICKERY (1/3) START ===
|
||||
# Install a copy of the su(1) config files with .ul suffix.
|
||||
# This hack can go away when the new su-less coreutils package is out.
|
||||
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su.ul
|
||||
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l.ul
|
||||
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su.ul
|
||||
# === MOVING SU TRICKERY (1/3) END ===
|
||||
%endif
|
||||
mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
|
||||
pushd ..
|
||||
pushd ../klogconsole
|
||||
# klogconsole install
|
||||
cd klogconsole
|
||||
make install DEST=%{buildroot}
|
||||
popd
|
||||
#
|
||||
@ -304,6 +339,10 @@ popd
|
||||
#
|
||||
%make_install
|
||||
#UsrMerge
|
||||
%if %{with enable_su}
|
||||
ln -s %{_bindir}/kill %{buildroot}/bin
|
||||
ln -s %{_bindir}/su %{buildroot}/bin
|
||||
%endif
|
||||
ln -s %{_bindir}/logger %{buildroot}/bin
|
||||
ln -s %{_bindir}/dmesg %{buildroot}/bin
|
||||
ln -s %{_bindir}/more %{buildroot}/bin
|
||||
@ -360,9 +399,9 @@ install -m 444 setctsid.8 %{buildroot}%{_mandir}/man8/
|
||||
echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb
|
||||
chmod 755 %{buildroot}%{_sbindir}/flushb
|
||||
# Install scripts to configure raw devices at boot time
|
||||
install -m 644 $RPM_SOURCE_DIR/etc.raw %{buildroot}%{_sysconfdir}/raw
|
||||
install -m 644 $RPM_SOURCE_DIR%{_sysconfdir}.raw %{buildroot}%{_sysconfdir}/raw
|
||||
install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw
|
||||
ln -sf ../../etc/init.d/raw %{buildroot}%{_sbindir}/rcraw
|
||||
ln -sf ../..%{_sysconfdir}/init.d/raw %{buildroot}%{_sbindir}/rcraw
|
||||
# Stupid hack so we don't have a tcsh dependency
|
||||
chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh
|
||||
# Following files we don't want to package, so remove them
|
||||
@ -435,7 +474,13 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd
|
||||
%if 0%{?suse_version} <= 1130
|
||||
%run_permissions
|
||||
%else
|
||||
%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount
|
||||
%set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount
|
||||
%if %{with enable_su}
|
||||
%set_permissions %{_bindir}/su
|
||||
%endif
|
||||
%if %{with enable_eject}
|
||||
%set_permissions %{_bindir}/eject
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# mount option 'code=' is now called 'codepage=' so change fstab
|
||||
@ -443,12 +488,35 @@ if [ -f etc/fstab ]; then
|
||||
sed -i 's:code=:codepage=:' etc/fstab
|
||||
fi
|
||||
|
||||
%posttrans
|
||||
%if "%{with enable_su}"
|
||||
# === MOVING SU TRICKERY (2/3) START ===
|
||||
# If su(1)'s PAM config files are symbolic links, then they have been installed
|
||||
# by the coreutils package (because su-enabled coreutils has been installed
|
||||
# before util-linux). Remove the symlinks and install a copy of our .ul files
|
||||
# in their correct places.
|
||||
# This hack can go away when the new su-less coreutils package is out.
|
||||
for f in pam.d/su pam.d/su-l default/su ; do
|
||||
if [ -L %{_sysconfdir}/$f -a -e %{_sysconfdir}/$f.ul ]; then
|
||||
rm -v %{_sysconfdir}/$f
|
||||
cp -av %{_sysconfdir}/$f.ul %{_sysconfdir}/$f
|
||||
fi
|
||||
done
|
||||
# === MOVING SU TRICKERY (2/3) END ===
|
||||
%endif
|
||||
|
||||
%postun
|
||||
%install_info_delete --info-dir=%{_infodir} %{_infodir}/ipc.info.gz
|
||||
%{insserv_cleanup}
|
||||
|
||||
%verifyscript
|
||||
%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount
|
||||
%verify_permissions -e %{_bindir}/wall -e %{_bindir}/write -e %{_bindir}/mount -e %{_bindir}/umount
|
||||
%if %{with enable_su}
|
||||
%verify_permissions -e %{_bindir}/su
|
||||
%endif
|
||||
%if %{with enable_eject}
|
||||
%verify_permissions -e %{_bindir}/eject
|
||||
%endif
|
||||
|
||||
%post -n libblkid1 -p /sbin/ldconfig
|
||||
|
||||
@ -459,8 +527,8 @@ fi
|
||||
%postun -n libmount1 -p /sbin/ldconfig
|
||||
|
||||
%pre -n uuidd
|
||||
/usr/sbin/groupadd -r uuidd 2>/dev/null || :
|
||||
/usr/sbin/useradd -r -g uuidd -c "User for uuidd" \
|
||||
%{_sbindir}/groupadd -r uuidd 2>/dev/null || :
|
||||
%{_sbindir}/useradd -r -g uuidd -c "User for uuidd" \
|
||||
-d /var/run/uuidd uuidd 2>/dev/null || :
|
||||
|
||||
%preun -n uuidd
|
||||
@ -471,7 +539,7 @@ fi
|
||||
%if 0%{?suse_version} <= 1130
|
||||
%run_permissions
|
||||
%else
|
||||
%set_permissions /usr/sbin/uuidd
|
||||
%set_permissions %{_sbindir}/uuidd
|
||||
%endif
|
||||
|
||||
%postun -n uuidd
|
||||
@ -483,7 +551,7 @@ fi
|
||||
%postun -n libuuid1 -p /sbin/ldconfig
|
||||
|
||||
%verifyscript -n uuidd
|
||||
%verify_permissions -e /usr/sbin/uuidd
|
||||
%verify_permissions -e %{_sbindir}/uuidd
|
||||
|
||||
%files lang -f %{name}.lang
|
||||
|
||||
@ -495,7 +563,6 @@ fi
|
||||
%doc Documentation/cal.txt
|
||||
%doc Documentation/cfdisk.txt
|
||||
%doc Documentation/col.txt
|
||||
%doc Documentation/ddate.txt
|
||||
%doc Documentation/deprecated.txt
|
||||
%doc Documentation/fdisk.txt
|
||||
%doc Documentation/getopt.txt
|
||||
@ -509,9 +576,25 @@ fi
|
||||
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw
|
||||
%config(noreplace) %{_sysconfdir}/filesystems
|
||||
%config(noreplace) %{_sysconfdir}/blkid.conf
|
||||
%config(noreplace) /etc/pam.d/login
|
||||
%config(noreplace) /etc/pam.d/remote
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/login
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/remote
|
||||
%if %{with enable_su}
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/su
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/su-l
|
||||
%config(noreplace) %{_sysconfdir}/default/su
|
||||
# === MOVING SU TRICKERY (3/3) START ===
|
||||
# Package su(1) config files with .ul suffix needed in posttrans above.
|
||||
# This hack can go away when the new su-less coreutils package is out.
|
||||
%config %{_sysconfdir}/pam.d/su.ul
|
||||
%config %{_sysconfdir}/pam.d/su-l.ul
|
||||
%config %{_sysconfdir}/default/su.ul
|
||||
# === MOVING SU TRICKERY (3/3) END ===
|
||||
%endif
|
||||
#UsrMerge
|
||||
%if %{with enable_su}
|
||||
/bin/kill
|
||||
/bin/su
|
||||
%endif
|
||||
/bin/dmesg
|
||||
/bin/more
|
||||
/bin/mount
|
||||
@ -546,13 +629,19 @@ fi
|
||||
/sbin/fstrim
|
||||
/sbin/chcpu
|
||||
#EndUsrMerge
|
||||
%if %{with enable_su}
|
||||
%{_bindir}/kill
|
||||
%{_bindir}/su
|
||||
%endif
|
||||
%if %{with enable_eject}
|
||||
%verify(not mode) %attr(4750,root,audio) %{_bindir}/eject
|
||||
%endif
|
||||
%{_bindir}/cal
|
||||
%{_bindir}/chrt
|
||||
%{_bindir}/col
|
||||
%{_bindir}/colcrt
|
||||
%{_bindir}/colrm
|
||||
%{_bindir}/column
|
||||
%{_bindir}/ddate
|
||||
%{_bindir}/dmesg
|
||||
%{_bindir}/fallocate
|
||||
%{_bindir}/findmnt
|
||||
@ -569,11 +658,13 @@ fi
|
||||
%{_bindir}/look
|
||||
%{_bindir}/lsblk
|
||||
%{_bindir}/lscpu
|
||||
%{_bindir}/lslocks
|
||||
%{_bindir}/mcookie
|
||||
%{_bindir}/mesg
|
||||
%{_bindir}/more
|
||||
%{_bindir}/mount
|
||||
%{_bindir}/namei
|
||||
%{_bindir}/nsenter
|
||||
%{_bindir}/prlimit
|
||||
%{_bindir}/rename
|
||||
%{_bindir}/renice
|
||||
@ -587,14 +678,20 @@ fi
|
||||
%{_bindir}/ul
|
||||
%{_bindir}/umount
|
||||
%{_bindir}/unshare
|
||||
%if %{with sysvinit_tools}
|
||||
%{_bindir}/mountpoint
|
||||
%{_bindir}/utmpdump
|
||||
%endif
|
||||
%{_bindir}/uuidgen
|
||||
%ifnarch ppc ppc64
|
||||
%{_bindir}/chrp-addnote
|
||||
%{_bindir}/mkzimage_cmdline
|
||||
%endif
|
||||
%{_bindir}/wdctl
|
||||
%{_sbindir}/addpart
|
||||
%{_sbindir}/agetty
|
||||
%{_sbindir}/blkid
|
||||
%{_sbindir}/blkdiscard
|
||||
%{_sbindir}/blockdev
|
||||
%{_sbindir}/chcpu
|
||||
%{_sbindir}/ctrlaltdel
|
||||
@ -617,8 +714,13 @@ fi
|
||||
%{_sbindir}/pivot_root
|
||||
%{_sbindir}/raw
|
||||
%{_sbindir}/rcraw
|
||||
%{_sbindir}/resizepart
|
||||
%{_sbindir}/rtcwake
|
||||
%{_sbindir}/runuser
|
||||
%{_sbindir}/setctsid
|
||||
%if %{with sysvinit_tools}
|
||||
%{_sbindir}/sulogin
|
||||
%endif
|
||||
%{_sbindir}/swaplabel
|
||||
%{_sbindir}/swapoff
|
||||
%{_sbindir}/swapon
|
||||
@ -627,14 +729,20 @@ fi
|
||||
%verify(not mode) %attr(0755,root,tty) %{_bindir}/wall
|
||||
%{_bindir}/whereis
|
||||
%verify(not mode) %attr(0755,root,tty) %{_bindir}/write
|
||||
%if %{with enable_su}
|
||||
%{_mandir}/man1/kill.1.gz
|
||||
%{_mandir}/man1/su.1.gz
|
||||
%endif
|
||||
%{_mandir}/man1/cal.1.gz
|
||||
%{_mandir}/man1/chrt.1.gz
|
||||
%{_mandir}/man1/col.1.gz
|
||||
%{_mandir}/man1/colcrt.1.gz
|
||||
%{_mandir}/man1/colrm.1.gz
|
||||
%{_mandir}/man1/column.1.gz
|
||||
%{_mandir}/man1/ddate.1.gz
|
||||
%{_mandir}/man1/dmesg.1.gz
|
||||
%if %{with enable_eject}
|
||||
%{_mandir}/man1/eject.1.gz
|
||||
%endif
|
||||
%{_mandir}/man1/fallocate.1.gz
|
||||
%{_mandir}/man1/flock.1.gz
|
||||
%{_mandir}/man1/getopt.1.gz
|
||||
@ -650,6 +758,7 @@ fi
|
||||
%{_mandir}/man1/mesg.1.gz
|
||||
%{_mandir}/man1/more.1.gz
|
||||
%{_mandir}/man1/namei.1.gz
|
||||
%{_mandir}/man1/nsenter.1.gz
|
||||
%{_mandir}/man1/ionice.1.gz
|
||||
%{_mandir}/man1/prlimit.1.gz
|
||||
%{_mandir}/man1/rename.1.gz
|
||||
@ -667,6 +776,11 @@ fi
|
||||
%{_mandir}/man1/whereis.1.gz
|
||||
%{_mandir}/man1/write.1.gz
|
||||
%{_mandir}/man1/ipcmk.1.gz
|
||||
%if %{with sysvinit_tools}
|
||||
%{_mandir}/man1/mountpoint.1.gz
|
||||
%{_mandir}/man1/utmpdump.1.gz
|
||||
%endif
|
||||
%{_mandir}/man1/runuser.1.gz
|
||||
%{_mandir}/man1/uuidgen.1.gz
|
||||
%{_mandir}/man5/fstab.5.gz
|
||||
%{_mandir}/man8/addpart.8.gz
|
||||
@ -675,16 +789,20 @@ fi
|
||||
%{_mandir}/man8/delpart.8.gz
|
||||
%{_mandir}/man8/ctrlaltdel.8.gz
|
||||
%{_mandir}/man8/blkid.8.gz
|
||||
%{_mandir}/man8/blkdiscard.8.gz
|
||||
%{_mandir}/man8/switch_root.8.gz
|
||||
%{_mandir}/man8/mkfs.bfs.8.gz
|
||||
%{_mandir}/man8/mkfs.minix.8.gz
|
||||
%{_mandir}/man8/findfs.8.gz
|
||||
%{_mandir}/man8/fsck.8.gz
|
||||
%{_mandir}/man8/fsck.cramfs.8.gz
|
||||
%{_mandir}/man8/fsck.minix.8.gz
|
||||
%{_mandir}/man8/isosize.8.gz
|
||||
%{_mandir}/man8/ldattach.8.gz
|
||||
%{_mandir}/man8/losetup.8.gz
|
||||
%{_mandir}/man8/lslocks.8.gz
|
||||
%{_mandir}/man8/mkfs.8.gz
|
||||
%{_mandir}/man8/mkfs.cramfs.8.gz
|
||||
%{_mandir}/man8/mkswap.8.gz
|
||||
%{_mandir}/man8/mount.8.gz
|
||||
%{_mandir}/man8/nologin.8.gz
|
||||
@ -708,12 +826,17 @@ fi
|
||||
%{_mandir}/man8/wipefs.8.gz
|
||||
%{_mandir}/man8/fstrim.8.gz
|
||||
%{_mandir}/man8/lsblk.8.gz
|
||||
%{_mandir}/ru
|
||||
%{_mandir}/man8/resizepart.8.gz
|
||||
%if %{with sysvinit_tools}
|
||||
%{_mandir}/man8/sulogin.8.gz
|
||||
%endif
|
||||
%{_mandir}/man8/wdctl.8.gz
|
||||
%{_sbindir}/flushb
|
||||
%{_sbindir}/readprofile
|
||||
%dir %{_datadir}/getopt
|
||||
%attr (755,root,root) %{_datadir}/getopt/getopt-parse.bash
|
||||
%attr (755,root,root) %{_datadir}/getopt/getopt-parse.tcsh
|
||||
%{_datadir}/bash-completion/*
|
||||
%ifnarch ia64
|
||||
#XXX: post our patches upstream
|
||||
#XXX: call fdupes on /usr/share/man
|
||||
@ -784,6 +907,8 @@ fi
|
||||
%{_initddir}/uuidd
|
||||
%{_mandir}/man8/uuidd.8.gz
|
||||
%{_sbindir}/rcuuidd
|
||||
%{_unitdir}/uuidd.service
|
||||
%{_unitdir}/uuidd.socket
|
||||
|
||||
%files -n libuuid1
|
||||
%defattr(-, root, root)
|
||||
|
Loading…
Reference in New Issue
Block a user