diff --git a/login.pamd b/login.pamd index 0e774a7..446f853 100644 --- a/login.pamd +++ b/login.pamd @@ -1,10 +1,10 @@ #%PAM-1.0 -auth requisite pam_nologin.so -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -session include common-session -#session optional pam_lastlog.so nowtmp showfailed -session optional pam_mail.so standard +auth requisite pam_nologin.so +auth include common-auth +account include common-account +password include common-password +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session include common-session +#session optional pam_lastlog.so nowtmp showfailed +session optional pam_mail.so standard diff --git a/python3-libmount.changes b/python3-libmount.changes index 9f4a426..d36b692 100644 --- a/python3-libmount.changes +++ b/python3-libmount.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Tue Aug 6 03:39:25 UTC 2019 - Stanislav Brabec + +- Issue a warning for outdated pam files + (bsc#1082293, boo#1081947#c68). +- Fix comments and unify look of PAM files (login.pamd, + remote.pamd, runuser-l.pamd, runuser.pamd, su-l.pamd, su.pamd). + +------------------------------------------------------------------- +Wed Jul 31 18:08:29 CEST 2019 - sbrabec@suse.com + +- Update to version 2.34: + * new command hardlink + * rewrite of lsblk, now supports --dedup + * support for FUSE in umount + * support for "--all -o remount" in mount + * su: prefer /etc/default/su over /etc/login.defs and ENV_SUPATH + over ENV_ROOTPATH (bsc#1121197), improved --pty + * unshare: add -S/--setuid, -G/--setgid, -R/--root and -w/--wd + * fstrim: do not suppress warnings unless --quiet is used + * lscpu: print 'Frequency boost' and 'Vulnerability' fields, add + --caches + * logger: merge multiple MESSAGE= lines + * libblkid: do not depend on libuuid, supports DRBD9 detection + * libsmartcols: support N:M relationships in tree-like output + * fstrim and uuidd systemd services: hardening settings to + improve security and service isolation + * fstrim: trim root filesystem on --fstab, check for read-only + filesystems on --all and --fstab (boo#1106214). + * fstrim -A: properly de-duplicate sub-volumes (boo#1127701). + * Obsoletes util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch and + util-linux-login_defs-SYS_UID.patch. + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.34/v2.34-ReleaseNotes +- Provide and obsolete hardlink package. +- util-linux-login_defs-check.sh: Update checksum, login now + supports LASTLOG_UID_MAX. + +------------------------------------------------------------------- +Mon Jul 22 17:19:22 CEST 2019 - sbrabec@suse.com + +- Fix /etc/default/su comments and create /etc/default/runuser + (bsc#1121197#31). +- Remove /etc/default/su migration from coreutils. + ------------------------------------------------------------------- Mon Jul 1 23:45:55 CEST 2019 - sbrabec@suse.com diff --git a/python3-libmount.spec b/python3-libmount.spec index 62b71eb..ebf91dd 100644 --- a/python3-libmount.spec +++ b/python3-libmount.spec @@ -115,7 +115,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.33.2 +Version: 2.34 Release: 0 # util-linux is a base package and uuidd pre-requiring pwdutils pulls # that into the core build cycle. pwdutils also pulls in the whole @@ -124,7 +124,7 @@ Release: 0 # these tools as well #!BuildIgnore: pwdutils Url: https://www.kernel.org/pub/linux/utils/util-linux/ -Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.xz +Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.34/util-linux-%{version}.tar.xz Source1: util-linux-rpmlintrc Source2: util-linux-login_defs-check.sh Source4: raw.service @@ -135,7 +135,7 @@ Source8: login.pamd Source9: remote.pamd Source10: su.pamd Source11: su.default -Source12: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.sign +Source12: https://www.kernel.org/pub/linux/utils/util-linux/v2.34/util-linux-%{version}.tar.sign Source13: %{_name}.keyring Source14: runuser.pamd Source15: runuser-l.pamd @@ -145,12 +145,6 @@ Source51: blkid.conf Patch0: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-priority1.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values. -Patch3: util-linux-login_defs-priority1.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-priority2.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values. -Patch4: util-linux-login_defs-priority2.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-SYS_UID.patch bsc1121197 sbrabec@suse.com -- Fix discrepancies in SYS_UID* fallback. -Patch5: util-linux-login_defs-SYS_UID.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # %if %build_util_linux @@ -170,8 +164,12 @@ Provides: rfkill = 0.5 Obsoletes: eject <= 2.1.0 # File conflict of login (up to 12.1 and SLE11). Obsoletes: login <= 4.0 -# File confluct (man page) of rfkill (up to Leap 15 and SLE 15). +# File conflict (man page) of rfkill (up to Leap 15 and SLE 15). Obsoletes: rfkill <= 0.5 +# util-linux-2.34 integrates hardlink (up to Leap 15.1 and SLE 15.1). +# The last version was 1.0+git.e66999f. +Provides: hardlink = 1.1 +Obsoletes: hardlink < 1.1 # bnc#805684: %ifarch s390x Obsoletes: s390-32 @@ -216,16 +214,16 @@ mount program, the fdisk configuration tool, and more. %package -n libblkid1 Summary: Filesystem detection library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libblkid1 Library for filesystem detection. %package -n libblkid-devel Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libblkid1 = %{version} %description -n libblkid-devel @@ -234,8 +232,8 @@ detection. %package -n libblkid-devel-static Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libblkid-devel = %{version} %description -n libblkid-devel-static @@ -244,16 +242,16 @@ detection. %package -n libuuid1 Summary: Library to generate UUIDs -Group: System/Libraries License: BSD-3-Clause +Group: System/Libraries %description -n libuuid1 A library to generate universally unique IDs (UUIDs). %package -n libuuid-devel Summary: Development files for libuuid -Group: Development/Libraries/C and C++ License: BSD-3-Clause +Group: Development/Libraries/C and C++ Requires: libuuid1 = %{version} %description -n libuuid-devel @@ -262,8 +260,8 @@ unique IDs (UUIDs). %package -n libuuid-devel-static Summary: Development files for libuuid -Group: Development/Libraries/C and C++ License: BSD-3-Clause +Group: Development/Libraries/C and C++ Requires: libuuid-devel = %{version} %description -n libuuid-devel-static @@ -272,8 +270,8 @@ unique IDs (UUIDs). %package -n libmount1 Summary: Device mount library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libmount1 Library designed to be used in low-level utils like @@ -281,8 +279,8 @@ mount(8) and /usr/sbin/mount. helpers. %package -n libmount-devel Summary: Development files for libmount -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libmount1 = %{version} %description -n libmount-devel @@ -290,8 +288,8 @@ Files to develop applications using the libmount library. %package -n libmount-devel-static Summary: Development files for libmount -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libmount-devel = %{version} %description -n libmount-devel-static @@ -299,16 +297,16 @@ Files to develop applications using the libmount library. %package -n libsmartcols1 Summary: Column-based text sort engine -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libsmartcols1 Library to sort human readable column-based text output. %package -n libsmartcols-devel Summary: Development files for libsmartcols -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libsmartcols1 = %{version} %description -n libsmartcols-devel @@ -316,8 +314,8 @@ Files to develop applications using the libsmartcols library. %package -n libsmartcols-devel-static Summary: Development files for libsmartcols -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libsmartcols-devel = %{version} %description -n libsmartcols-devel-static @@ -325,16 +323,16 @@ Files to develop applications using the libsmartcols library. %package -n libfdisk1 Summary: Filesystem detection library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libfdisk1 Library for filesystem detection. %package -n libfdisk-devel Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libfdisk1 = %{version} %description -n libfdisk-devel @@ -343,8 +341,8 @@ detection. %package -n libfdisk-devel-static Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libfdisk-devel = %{version} %description -n libfdisk-devel-static @@ -357,6 +355,7 @@ detection. %if %build_util_linux %package systemd Summary: %summary_uls +License: GPL-2.0-or-later Group: %group_uls Supplements: packageand(util-linux:systemd) # Split-provides for upgrade from SLE < 12 and openSUSE <= 13.1 @@ -372,6 +371,7 @@ This package contains low-level util-linux utilities that use systemd. %package -n uuidd Summary: Helper daemon to guarantee uniqueness of time-based UUIDs +License: GPL-2.0-or-later Group: System/Filesystems %if 0%{?suse_version} >= 1330 Requires(pre): group(uuidd) @@ -393,6 +393,7 @@ SMP systems. %if %build_util_linux %package -n python3-libmount Summary: %summary_pl +License: GPL-2.0-or-later Group: %group_pl %description -n python3-libmount @@ -409,15 +410,11 @@ cp -a %{S:2} . %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects bash ./util-linux-login_defs-check.sh %if %build_util_linux -# #BEGIN SYSTEMD SAFETY CHECK # With systemd, some utilities are built differently. Keep track of these # sources to prevent building of systemd-less versions. @@ -627,6 +624,8 @@ install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/runuser-l install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su install -m 644 %{SOURCE16} %{buildroot}%{_sysconfdir}/pam.d/su-l install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su +sed 's/\bsu\b/runuser/g' <%{SOURCE11} >runuser.default +install -m 644 runuser.default %{buildroot}%{_sysconfdir}/default/runuser %endif # # util-linux install @@ -756,6 +755,7 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim %service_add_post raw.service %set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount %set_permissions %{_bindir}/su +# # Safely migrate PAM files from coreutils to util-linux # (openSUSE 12.3->13.1, SLE11->SLE12) # @@ -767,15 +767,25 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim # no changes, we should restore admin modification, and rename the # clean file to .rpmnew, as it would happen if the file was not moved # from one package to another. -for PAM_FILE in default/su pam.d/su pam.d/su-l ; do - if test -f %{_sysconfdir}/$PAM_FILE.rpmsave ; then - mv %{_sysconfdir}/$PAM_FILE %{_sysconfdir}/$PAM_FILE.rpmnew - mv %{_sysconfdir}/$PAM_FILE.rpmsave %{_sysconfdir}/$PAM_FILE +for PAM_FILE in su su-l ; do + if test -f %{_sysconfdir}/pam.d/$PAM_FILE.rpmsave ; then + mv %{_sysconfdir}/pam.d/$PAM_FILE %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew + mv %{_sysconfdir}/pam.d/$PAM_FILE.rpmsave %{_sysconfdir}/pam.d/$PAM_FILE fi done -# %{_sysconfdir}/default/su is tagged as noreplace. +# +# If outdated PAM file is detected, issue a warning. +for PAM_FILE in login remote runuser runuser-l su su-l ; do + if test -f %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew ; then + echo "Your %{_sysconfdir}/pam.d/$PAM_FILE is outdated. Please check %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew!" >&2 + fi +done +# +# /etc/default/su is tagged as noreplace. # But we want to migrate variables to /etc/login.defs (bsc#1121197). # Perform one-time config replace. +# Applies for: Update from SLE11, online update for SLE15 SP1, Leap15.1. +# Not needed for /etc/default/runuser. It was first packaged after the change. if ! grep -q "^# /etc/default/su is an override" %{_sysconfdir}/default/su ; then if test -f %{_sysconfdir}/default/su.rpmnew ; then if ! test -f %{_sysconfdir}/default/su.rpmorig ; then @@ -891,6 +901,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %config(noreplace) %{_sysconfdir}/pam.d/runuser-l %config(noreplace) %{_sysconfdir}/pam.d/su %config(noreplace) %{_sysconfdir}/pam.d/su-l +%config(noreplace) %{_sysconfdir}/default/runuser %config(noreplace) %{_sysconfdir}/default/su %config %dir %{_sysconfdir}/issue.d #UsrMerge @@ -946,6 +957,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %{_bindir}/findmnt %{_bindir}/flock %{_bindir}/getopt +%{_bindir}/hardlink %{_bindir}/hexdump %{_bindir}/ionice %{_bindir}/ipcmk @@ -1048,6 +1060,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %{_mandir}/man1/fincore.1.gz %{_mandir}/man1/flock.1.gz %{_mandir}/man1/getopt.1.gz +%{_mandir}/man1/hardlink.1.gz %{_mandir}/man1/hexdump.1.gz %{_mandir}/man1/ipcrm.1.gz %{_mandir}/man1/ipcs.1.gz diff --git a/remote.pamd b/remote.pamd index c74ab91..61a2f4e 100644 --- a/remote.pamd +++ b/remote.pamd @@ -1,13 +1,13 @@ #%PAM-1.0 # This file is used by /bin/login in case of remote logins (means where -# the -h option is used -auth requisite pam_nologin.so -auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -session include common-session -session optional pam_lastlog.so nowtmp showfailed -session optional pam_mail.so standard +# the -h option is used). +auth requisite pam_nologin.so +auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so +auth include common-auth +account include common-account +password include common-password +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session include common-session +session optional pam_lastlog.so nowtmp showfailed +session optional pam_mail.so standard diff --git a/runuser-l.pamd b/runuser-l.pamd index cc01ebb..8391fb1 100644 --- a/runuser-l.pamd +++ b/runuser-l.pamd @@ -1,6 +1,7 @@ #%PAM-1.0 -# Note that runuser requires only "session" setting (and for example "auth sufficient pam_rootok.so" dummy line). -auth sufficient pam_rootok.so -session optional pam_keyinit.so force revoke -session include common-session -session optional pam_xauth.so +# Note that runuser requires only "session" setting (and for example +# "auth sufficient pam_rootok.so" dummy line). +auth sufficient pam_rootok.so +session optional pam_keyinit.so force revoke +session include common-session +session optional pam_xauth.so diff --git a/runuser.pamd b/runuser.pamd index 47f600b..e71ab51 100644 --- a/runuser.pamd +++ b/runuser.pamd @@ -1,6 +1,7 @@ #%PAM-1.0 -# Note that runuser requires only "session" setting (and for example "auth sufficient pam_rootok.so" dummy line). -auth sufficient pam_rootok.so -session optional pam_keyinit.so revoke -session include common-session -session optional pam_xauth.so +# Note that runuser requires only "session" setting (and for example +# "auth sufficient pam_rootok.so" dummy line). +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session include common-session +session optional pam_xauth.so diff --git a/su-l.pamd b/su-l.pamd index d4e4241..2aa1d09 100644 --- a/su-l.pamd +++ b/su-l.pamd @@ -1,9 +1,9 @@ #%PAM-1.0 -auth sufficient pam_rootok.so -auth include common-auth -account sufficient pam_rootok.so -account include common-account -password include common-password -session optional pam_keyinit.so force revoke -session include common-session -session optional pam_xauth.so +auth sufficient pam_rootok.so +auth include common-auth +account sufficient pam_rootok.so +account include common-account +password include common-password +session optional pam_keyinit.so force revoke +session include common-session +session optional pam_xauth.so diff --git a/su.default b/su.default index 0840fb4..3eb5b7f 100644 --- a/su.default +++ b/su.default @@ -1,8 +1,6 @@ -# /etc/default/su is an override for /etc/login.defs for su and runuser -# (It is also read as a fallback for login.) +# /etc/default/su is an override of /etc/login.defs for su. +# See /etc/login.defs and su(1) for more. # -# See /etc/login.defs, su(1) or runuser(1) for more. -# -# List of su/runuser variables: +# List of supported variables: # ALWAYS_SET_PATH, ENV_PATH, ENV_ROOTPATH, ENV_SUPATH, FAIL_DELAY # diff --git a/su.pamd b/su.pamd index d0c9fe8..66e4e37 100644 --- a/su.pamd +++ b/su.pamd @@ -1,8 +1,8 @@ #%PAM-1.0 -auth sufficient pam_rootok.so -auth include common-auth -account sufficient pam_rootok.so -account include common-account -password include common-password -session include common-session -session optional pam_xauth.so +auth sufficient pam_rootok.so +auth include common-auth +account sufficient pam_rootok.so +account include common-account +password include common-password +session include common-session +session optional pam_xauth.so diff --git a/util-linux-2.33.2.tar.sign b/util-linux-2.33.2.tar.sign deleted file mode 100644 index 7015622..0000000 --- a/util-linux-2.33.2.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAlyspAgACgkQ5LcdXuw5 -woRdIA/+NyJ0z27Qpg9JHUja6jQJRfpzEEg2kCc1hVyVlAuXVVo2ovWNjpTnJqsY -tQk/rHlfnj/X1XGhsCa00R8xYrnfLDLujJoJw8F0Ghe25exOgh9gB7Ah77p5NXox -IhGuSY8tg7WrxI2LI1VFnIOvrBXXMtcrE99QgcwcaZFzzOjybkCFYT7o26PHhXi1 -HF0rpRi3J8q6QCHoHVofiG8bfYClDohj89WdWlQ2OcTRRXS3x6NOYzc021crmwIe -aa1WP6hZhre6rK6YtMRAIZKM+zArzS6sMkSsjSpU30bBMIxHlP2mwmrhuTWtDmfS -Q7rybUT4s0fxjIaa6dn7twXRYqxkYu1ZMUw0oF1D6mJD3fJM1jjz5paMKQYRswWN -FDEGn8yNPmDzh3v2tJHOetN76l7LcEEcXiBk/8/5FDwDB8XvZQFGnIOeivXgZPDn -tz+Qc7/1fb9lkE11kM2DBpbL9+Trv/PlX6AtBorOYZrDiAQbvTGfCFG2KcA4sRKn -zIrjycH1B2mjdhTm3tP5hY+MkAWECwx92cuf95tD0KxKnFsmfv3HgYl86VgjHvHE -EvaShFmct6TaHzskvMaHIaiywRX2OqvwzPQyapymreHwAMdyFRRRGcJV13uVQppj -P1rWKP9lAMOMETH9IinGKSYY2fLwrK84t9SttymEAdSuAant4Lo= -=alGJ ------END PGP SIGNATURE----- diff --git a/util-linux-2.33.2.tar.xz b/util-linux-2.33.2.tar.xz deleted file mode 100644 index f35908c..0000000 --- a/util-linux-2.33.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:631be8eac6cf6230ba478de211941d526808dba3cd436380793334496013ce97 -size 4707024 diff --git a/util-linux-2.34.tar.sign b/util-linux-2.34.tar.sign new file mode 100644 index 0000000..183b5e0 --- /dev/null +++ b/util-linux-2.34.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAl0Dem4ACgkQ5LcdXuw5 +woSlGg//eWI46Oy/Bwvd4QuZ5CGvuDzmoLsYyr3YvJrVTTZci9I/j0tZYpGKRsK4 +ftUP+dJ0eyur9b+xUlQi5WPMHITPpbo0HoKRzkBJQ+Z98IhiLDclhxgzX8wy1bos +gbZ0fVcct4L9fcrL8x/yRrT2WFIrVVdPeNUcR1gN0J4PaIr1Itd3CvXmkOU3JsxG +6KnfnQRxUcSb9QxNIrc3ME0MRnJzI+YehG66rdh7PKiTat26YYehWukelEzju22Q +BHvj4wwDNs6UQ8Y26cVArYKf+5S1FSvudY0c+4C7aQC9IYjQYh99l/APBMr1Tvep +d8f02zxZbCB30lmkCov0JQB1ajRMHlgnH4tG1nki9gi4kyBc89HY4CFX00PiCFX8 +NOJI9559syCu76aK+KMwNZTPxjxy5HzYfSDqsSSizajYahDpZ9ge9NT3dOqkM4Sz +wFwAv5IdmgH5cIO0va4obNKR0TNUCEIThETpxaY9GAkyyUavCA6RXywobYSnTdbQ +K+prQfTH25/UDoW1rDdoNe2IrDeUsPD74oXUxmDgCMBpWAHPdt+gQMzv6fhl2A3Y +e+A5Ypmh6YgIppY+rtjLbkMCYhJ1jVbV6eLVyb2y0IIltw4xrvzNlbpIHW7DPdY8 ++BUJMSG/Yq5+qKPijsq1th5s7a2B0r816ti+EllZxOTpKbKMSYo= +=iGKC +-----END PGP SIGNATURE----- diff --git a/util-linux-2.34.tar.xz b/util-linux-2.34.tar.xz new file mode 100644 index 0000000..5391fda --- /dev/null +++ b/util-linux-2.34.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:743f9d0c7252b6db246b659c1e1ce0bd45d8d4508b4dfa427bbb4a3e9b9f62b5 +size 4974812 diff --git a/util-linux-login_defs-SYS_UID.patch b/util-linux-login_defs-SYS_UID.patch deleted file mode 100644 index 7098d21..0000000 --- a/util-linux-login_defs-SYS_UID.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 0d37969cbe2cb85d9c01f78071528a8a7c789f96 Mon Sep 17 00:00:00 2001 -From: Stanislav Brabec -Date: Wed, 24 Apr 2019 11:16:53 +0200 -Subject: [PATCH] lslogins: Fix discrepancies of SYS_UID_MIN - -util-linux does not contain useradd. Its most popular implementation -comes from shadow. SYS_UID_MIN is one of common parameters. Its -hardcoded fallback value is equal to 101 in shadow useradd (see -shadow-4.6/libmisc/find_new_uid.c: get_ranges()), but 201 in -login-utils/lslogins.c. - -Let lslogins use the same fallback as useradd from shadow. - -Hopefully most distros define its custom value of SYS_UID_MIN in -/etc/login.defs, so this problem is not visible. - -login-utils/lslogins.1 does not mention its default at all. Add a -reference and improve text of lslogins(1) to prevent off-by-one -interpretation. - -Signed-off-by: Stanislav Brabec -Signed-off-by: Karel Zak ---- - login-utils/lslogins.1 | 6 +++--- - login-utils/lslogins.c | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/login-utils/lslogins.1 b/login-utils/lslogins.1 -index 5aa14c706..f003ef264 100644 ---- a/login-utils/lslogins.1 -+++ b/login-utils/lslogins.1 -@@ -92,9 +92,9 @@ Display information related to login by password (see also \fB\-afL). - Raw output (no columnation). - .TP - \fB\-s\fR, \fB\-\-system\-accs\fR --Show system accounts. These are by default all accounts with a UID below 1000 --(non-inclusive), with the exception of either nobody or nfsnobody (UID 65534). --This hardcoded default maybe overwritten by parameters SYS_UID_MIN and SYS_UID_MAX in -+Show system accounts.  These are by default all accounts with a UID between 101 and 999 -+(inclusive), with the exception of either nobody or nfsnobody (UID 65534). -+This hardcoded default may be overwritten by parameters SYS_UID_MIN and SYS_UID_MAX in - the file /etc/login.defs. - .TP - \fB\-\-time\-format\fR \fItype\fP -diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c -index efb20a4f7..3d9c9b97a 100644 ---- a/login-utils/lslogins.c -+++ b/login-utils/lslogins.c -@@ -74,7 +74,7 @@ static int lslogins_flag; - - #define UL_UID_MIN 1000 - #define UL_UID_MAX 60000 --#define UL_SYS_UID_MIN 201 -+#define UL_SYS_UID_MIN 101 - #define UL_SYS_UID_MAX 999 - - /* we use the value of outmode to determine --- -2.21.0 - diff --git a/util-linux-login_defs-check.sh b/util-linux-login_defs-check.sh index b500955..db14433 100644 --- a/util-linux-login_defs-check.sh +++ b/util-linux-login_defs-check.sh @@ -15,7 +15,7 @@ echo -n "Checking login.defs variables in util-linux... " >&2 sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p' ) | LC_ALL=C sort -u >util-linux-login_defs-vars.lst -if test $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//') != a9c56a10a4b5a0afb63c9208b8ca0cb1b46a8429 ; then +if test $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//') != ca9ea2bf3ee8c8c0c623ace938cdf0f04869f8cf ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/util-linux-login_defs-priority1.patch b/util-linux-login_defs-priority1.patch deleted file mode 100644 index ce6ce19..0000000 --- a/util-linux-login_defs-priority1.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 15a191f6d30dfe202a080a3d90968b63d695a29f Mon Sep 17 00:00:00 2001 -From: Stanislav Brabec -Date: Thu, 10 Jan 2019 01:28:53 +0100 -Subject: [PATCH 1/2] su-common.c: prefer /etc/default/su over login.defs - -su(1) documentation says: - /etc/default/su command specific logindef config file - /etc/login.defs global logindef config file - -It indirectly indicates that /etc/default/su should take precedence -over /etc/login.defs. - -But the reverse is true. It is not possible to define ENV_PATH in -/etc/login.defs and then make su specific customization in -/etc/default/su. We need to change read order to match the documented -behavior. - -Signed-off-by: Stanislav Brabec ---- - login-utils/su-common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/login-utils/su-common.c b/login-utils/su-common.c -index e0604e246..19074247c 100644 ---- a/login-utils/su-common.c -+++ b/login-utils/su-common.c -@@ -1229,8 +1229,8 @@ static void load_config(void *data) - struct su_context *su = (struct su_context *) data; - - DBG(MISC, ul_debug("loading logindefs")); -- logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER : _PATH_LOGINDEFS_SU); - logindefs_load_file(_PATH_LOGINDEFS); -+ logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER : _PATH_LOGINDEFS_SU); - } - - /* --- -2.20.1 - diff --git a/util-linux-login_defs-priority2.patch b/util-linux-login_defs-priority2.patch deleted file mode 100644 index 7d7013d..0000000 --- a/util-linux-login_defs-priority2.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 86f42e5a2a9d8a483ad0ca85fdf090172fb4d385 Mon Sep 17 00:00:00 2001 -From: Stanislav Brabec -Date: Thu, 10 Jan 2019 01:28:54 +0100 -Subject: [PATCH 2/2] su-common.c: prefer ENV_SUPATH over ENV_ROOTPATH - -ENV_SUPATH and ENV_ROOTPATH are equivalent and ENV_ROOTPATH takes -precedence in both login and su. It makes no sense. More logical would be -precedence of ENV_SUPATH in su and ENV_ROOTPATH in login. - -Signed-off-by: Stanislav Brabec ---- - login-utils/login.1 | 2 +- - login-utils/runuser.1 | 2 +- - login-utils/su-common.c | 4 ++-- - login-utils/su.1 | 2 +- - 4 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/login-utils/login.1 b/login-utils/login.1 -index cb8addec3..b73eae147 100644 ---- a/login-utils/login.1 -+++ b/login-utils/login.1 -@@ -282,7 +282,7 @@ a regular user logs in. The default value is - (string) - .RS 4 - If set, it will be used to define the PATH environment variable when --the superuser logs in. The default value is -+the superuser logs in. ENV_ROOTPATH takes precedence. The default value is - .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin - .RE - .SH FILES -diff --git a/login-utils/runuser.1 b/login-utils/runuser.1 -index bf0d02471..221672200 100644 ---- a/login-utils/runuser.1 -+++ b/login-utils/runuser.1 -@@ -183,7 +183,7 @@ default value is - .B ENV_SUPATH - (string) - .RS 4 --Defines the PATH environment variable for root. The default value is -+Defines the PATH environment variable for root. ENV_SUPATH takes precedence. The default value is - .IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin . - .RE - .PP -diff --git a/login-utils/su-common.c b/login-utils/su-common.c -index 19074247c..0e44eb87c 100644 ---- a/login-utils/su-common.c -+++ b/login-utils/su-common.c -@@ -989,8 +989,8 @@ static void setenv_path(const struct passwd *pw) - if (pw->pw_uid) - rc = logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH); - -- else if ((rc = logindefs_setenv("PATH", "ENV_ROOTPATH", NULL)) != 0) -- rc = logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT); -+ else if ((rc = logindefs_setenv("PATH", "ENV_SUPATH", NULL)) != 0) -+ rc = logindefs_setenv("PATH", "ENV_ROOTPATH", _PATH_DEFPATH_ROOT); - - if (rc) - err(EXIT_FAILURE, _("failed to set the PATH environment variable")); -diff --git a/login-utils/su.1 b/login-utils/su.1 -index d6a064fd2..5ae6d6b2d 100644 ---- a/login-utils/su.1 -+++ b/login-utils/su.1 -@@ -209,7 +209,7 @@ default value is - .B ENV_SUPATH - (string) - .RS 4 --Defines the PATH environment variable for root. The default value is -+Defines the PATH environment variable for root. ENV_SUPATH takes precedence. The default value is - .IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin . - .RE - .PP --- -2.20.1 - diff --git a/util-linux-systemd.changes b/util-linux-systemd.changes index 9f4a426..d36b692 100644 --- a/util-linux-systemd.changes +++ b/util-linux-systemd.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Tue Aug 6 03:39:25 UTC 2019 - Stanislav Brabec + +- Issue a warning for outdated pam files + (bsc#1082293, boo#1081947#c68). +- Fix comments and unify look of PAM files (login.pamd, + remote.pamd, runuser-l.pamd, runuser.pamd, su-l.pamd, su.pamd). + +------------------------------------------------------------------- +Wed Jul 31 18:08:29 CEST 2019 - sbrabec@suse.com + +- Update to version 2.34: + * new command hardlink + * rewrite of lsblk, now supports --dedup + * support for FUSE in umount + * support for "--all -o remount" in mount + * su: prefer /etc/default/su over /etc/login.defs and ENV_SUPATH + over ENV_ROOTPATH (bsc#1121197), improved --pty + * unshare: add -S/--setuid, -G/--setgid, -R/--root and -w/--wd + * fstrim: do not suppress warnings unless --quiet is used + * lscpu: print 'Frequency boost' and 'Vulnerability' fields, add + --caches + * logger: merge multiple MESSAGE= lines + * libblkid: do not depend on libuuid, supports DRBD9 detection + * libsmartcols: support N:M relationships in tree-like output + * fstrim and uuidd systemd services: hardening settings to + improve security and service isolation + * fstrim: trim root filesystem on --fstab, check for read-only + filesystems on --all and --fstab (boo#1106214). + * fstrim -A: properly de-duplicate sub-volumes (boo#1127701). + * Obsoletes util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch and + util-linux-login_defs-SYS_UID.patch. + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.34/v2.34-ReleaseNotes +- Provide and obsolete hardlink package. +- util-linux-login_defs-check.sh: Update checksum, login now + supports LASTLOG_UID_MAX. + +------------------------------------------------------------------- +Mon Jul 22 17:19:22 CEST 2019 - sbrabec@suse.com + +- Fix /etc/default/su comments and create /etc/default/runuser + (bsc#1121197#31). +- Remove /etc/default/su migration from coreutils. + ------------------------------------------------------------------- Mon Jul 1 23:45:55 CEST 2019 - sbrabec@suse.com diff --git a/util-linux-systemd.spec b/util-linux-systemd.spec index efe914d..ed2341d 100644 --- a/util-linux-systemd.spec +++ b/util-linux-systemd.spec @@ -115,7 +115,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.33.2 +Version: 2.34 Release: 0 # util-linux is a base package and uuidd pre-requiring pwdutils pulls # that into the core build cycle. pwdutils also pulls in the whole @@ -124,7 +124,7 @@ Release: 0 # these tools as well #!BuildIgnore: pwdutils Url: https://www.kernel.org/pub/linux/utils/util-linux/ -Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.xz +Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.34/util-linux-%{version}.tar.xz Source1: util-linux-rpmlintrc Source2: util-linux-login_defs-check.sh Source4: raw.service @@ -135,7 +135,7 @@ Source8: login.pamd Source9: remote.pamd Source10: su.pamd Source11: su.default -Source12: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.sign +Source12: https://www.kernel.org/pub/linux/utils/util-linux/v2.34/util-linux-%{version}.tar.sign Source13: %{_name}.keyring Source14: runuser.pamd Source15: runuser-l.pamd @@ -145,12 +145,6 @@ Source51: blkid.conf Patch0: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-priority1.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values. -Patch3: util-linux-login_defs-priority1.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-priority2.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values. -Patch4: util-linux-login_defs-priority2.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-SYS_UID.patch bsc1121197 sbrabec@suse.com -- Fix discrepancies in SYS_UID* fallback. -Patch5: util-linux-login_defs-SYS_UID.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # %if %build_util_linux @@ -170,8 +164,12 @@ Provides: rfkill = 0.5 Obsoletes: eject <= 2.1.0 # File conflict of login (up to 12.1 and SLE11). Obsoletes: login <= 4.0 -# File confluct (man page) of rfkill (up to Leap 15 and SLE 15). +# File conflict (man page) of rfkill (up to Leap 15 and SLE 15). Obsoletes: rfkill <= 0.5 +# util-linux-2.34 integrates hardlink (up to Leap 15.1 and SLE 15.1). +# The last version was 1.0+git.e66999f. +Provides: hardlink = 1.1 +Obsoletes: hardlink < 1.1 # bnc#805684: %ifarch s390x Obsoletes: s390-32 @@ -216,16 +214,16 @@ mount program, the fdisk configuration tool, and more. %package -n libblkid1 Summary: Filesystem detection library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libblkid1 Library for filesystem detection. %package -n libblkid-devel Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libblkid1 = %{version} %description -n libblkid-devel @@ -234,8 +232,8 @@ detection. %package -n libblkid-devel-static Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libblkid-devel = %{version} %description -n libblkid-devel-static @@ -244,16 +242,16 @@ detection. %package -n libuuid1 Summary: Library to generate UUIDs -Group: System/Libraries License: BSD-3-Clause +Group: System/Libraries %description -n libuuid1 A library to generate universally unique IDs (UUIDs). %package -n libuuid-devel Summary: Development files for libuuid -Group: Development/Libraries/C and C++ License: BSD-3-Clause +Group: Development/Libraries/C and C++ Requires: libuuid1 = %{version} %description -n libuuid-devel @@ -262,8 +260,8 @@ unique IDs (UUIDs). %package -n libuuid-devel-static Summary: Development files for libuuid -Group: Development/Libraries/C and C++ License: BSD-3-Clause +Group: Development/Libraries/C and C++ Requires: libuuid-devel = %{version} %description -n libuuid-devel-static @@ -272,8 +270,8 @@ unique IDs (UUIDs). %package -n libmount1 Summary: Device mount library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libmount1 Library designed to be used in low-level utils like @@ -281,8 +279,8 @@ mount(8) and /usr/sbin/mount. helpers. %package -n libmount-devel Summary: Development files for libmount -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libmount1 = %{version} %description -n libmount-devel @@ -290,8 +288,8 @@ Files to develop applications using the libmount library. %package -n libmount-devel-static Summary: Development files for libmount -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libmount-devel = %{version} %description -n libmount-devel-static @@ -299,16 +297,16 @@ Files to develop applications using the libmount library. %package -n libsmartcols1 Summary: Column-based text sort engine -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libsmartcols1 Library to sort human readable column-based text output. %package -n libsmartcols-devel Summary: Development files for libsmartcols -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libsmartcols1 = %{version} %description -n libsmartcols-devel @@ -316,8 +314,8 @@ Files to develop applications using the libsmartcols library. %package -n libsmartcols-devel-static Summary: Development files for libsmartcols -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libsmartcols-devel = %{version} %description -n libsmartcols-devel-static @@ -325,16 +323,16 @@ Files to develop applications using the libsmartcols library. %package -n libfdisk1 Summary: Filesystem detection library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libfdisk1 Library for filesystem detection. %package -n libfdisk-devel Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libfdisk1 = %{version} %description -n libfdisk-devel @@ -343,8 +341,8 @@ detection. %package -n libfdisk-devel-static Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libfdisk-devel = %{version} %description -n libfdisk-devel-static @@ -357,6 +355,7 @@ detection. %if %build_util_linux %package systemd Summary: %summary_uls +License: GPL-2.0-or-later Group: %group_uls Supplements: packageand(util-linux:systemd) # Split-provides for upgrade from SLE < 12 and openSUSE <= 13.1 @@ -372,6 +371,7 @@ This package contains low-level util-linux utilities that use systemd. %package -n uuidd Summary: Helper daemon to guarantee uniqueness of time-based UUIDs +License: GPL-2.0-or-later Group: System/Filesystems %if 0%{?suse_version} >= 1330 Requires(pre): group(uuidd) @@ -393,6 +393,7 @@ SMP systems. %if %build_util_linux %package -n python3-libmount Summary: %summary_pl +License: GPL-2.0-or-later Group: %group_pl %description -n python3-libmount @@ -409,15 +410,11 @@ cp -a %{S:2} . %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects bash ./util-linux-login_defs-check.sh %if %build_util_linux -# #BEGIN SYSTEMD SAFETY CHECK # With systemd, some utilities are built differently. Keep track of these # sources to prevent building of systemd-less versions. @@ -627,6 +624,8 @@ install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/runuser-l install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su install -m 644 %{SOURCE16} %{buildroot}%{_sysconfdir}/pam.d/su-l install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su +sed 's/\bsu\b/runuser/g' <%{SOURCE11} >runuser.default +install -m 644 runuser.default %{buildroot}%{_sysconfdir}/default/runuser %endif # # util-linux install @@ -756,6 +755,7 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim %service_add_post raw.service %set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount %set_permissions %{_bindir}/su +# # Safely migrate PAM files from coreutils to util-linux # (openSUSE 12.3->13.1, SLE11->SLE12) # @@ -767,15 +767,25 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim # no changes, we should restore admin modification, and rename the # clean file to .rpmnew, as it would happen if the file was not moved # from one package to another. -for PAM_FILE in default/su pam.d/su pam.d/su-l ; do - if test -f %{_sysconfdir}/$PAM_FILE.rpmsave ; then - mv %{_sysconfdir}/$PAM_FILE %{_sysconfdir}/$PAM_FILE.rpmnew - mv %{_sysconfdir}/$PAM_FILE.rpmsave %{_sysconfdir}/$PAM_FILE +for PAM_FILE in su su-l ; do + if test -f %{_sysconfdir}/pam.d/$PAM_FILE.rpmsave ; then + mv %{_sysconfdir}/pam.d/$PAM_FILE %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew + mv %{_sysconfdir}/pam.d/$PAM_FILE.rpmsave %{_sysconfdir}/pam.d/$PAM_FILE fi done -# %{_sysconfdir}/default/su is tagged as noreplace. +# +# If outdated PAM file is detected, issue a warning. +for PAM_FILE in login remote runuser runuser-l su su-l ; do + if test -f %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew ; then + echo "Your %{_sysconfdir}/pam.d/$PAM_FILE is outdated. Please check %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew!" >&2 + fi +done +# +# /etc/default/su is tagged as noreplace. # But we want to migrate variables to /etc/login.defs (bsc#1121197). # Perform one-time config replace. +# Applies for: Update from SLE11, online update for SLE15 SP1, Leap15.1. +# Not needed for /etc/default/runuser. It was first packaged after the change. if ! grep -q "^# /etc/default/su is an override" %{_sysconfdir}/default/su ; then if test -f %{_sysconfdir}/default/su.rpmnew ; then if ! test -f %{_sysconfdir}/default/su.rpmorig ; then @@ -891,6 +901,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %config(noreplace) %{_sysconfdir}/pam.d/runuser-l %config(noreplace) %{_sysconfdir}/pam.d/su %config(noreplace) %{_sysconfdir}/pam.d/su-l +%config(noreplace) %{_sysconfdir}/default/runuser %config(noreplace) %{_sysconfdir}/default/su %config %dir %{_sysconfdir}/issue.d #UsrMerge @@ -946,6 +957,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %{_bindir}/findmnt %{_bindir}/flock %{_bindir}/getopt +%{_bindir}/hardlink %{_bindir}/hexdump %{_bindir}/ionice %{_bindir}/ipcmk @@ -1048,6 +1060,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %{_mandir}/man1/fincore.1.gz %{_mandir}/man1/flock.1.gz %{_mandir}/man1/getopt.1.gz +%{_mandir}/man1/hardlink.1.gz %{_mandir}/man1/hexdump.1.gz %{_mandir}/man1/ipcrm.1.gz %{_mandir}/man1/ipcs.1.gz diff --git a/util-linux.changes b/util-linux.changes index 9f4a426..d36b692 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Tue Aug 6 03:39:25 UTC 2019 - Stanislav Brabec + +- Issue a warning for outdated pam files + (bsc#1082293, boo#1081947#c68). +- Fix comments and unify look of PAM files (login.pamd, + remote.pamd, runuser-l.pamd, runuser.pamd, su-l.pamd, su.pamd). + +------------------------------------------------------------------- +Wed Jul 31 18:08:29 CEST 2019 - sbrabec@suse.com + +- Update to version 2.34: + * new command hardlink + * rewrite of lsblk, now supports --dedup + * support for FUSE in umount + * support for "--all -o remount" in mount + * su: prefer /etc/default/su over /etc/login.defs and ENV_SUPATH + over ENV_ROOTPATH (bsc#1121197), improved --pty + * unshare: add -S/--setuid, -G/--setgid, -R/--root and -w/--wd + * fstrim: do not suppress warnings unless --quiet is used + * lscpu: print 'Frequency boost' and 'Vulnerability' fields, add + --caches + * logger: merge multiple MESSAGE= lines + * libblkid: do not depend on libuuid, supports DRBD9 detection + * libsmartcols: support N:M relationships in tree-like output + * fstrim and uuidd systemd services: hardening settings to + improve security and service isolation + * fstrim: trim root filesystem on --fstab, check for read-only + filesystems on --all and --fstab (boo#1106214). + * fstrim -A: properly de-duplicate sub-volumes (boo#1127701). + * Obsoletes util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch and + util-linux-login_defs-SYS_UID.patch. + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.34/v2.34-ReleaseNotes +- Provide and obsolete hardlink package. +- util-linux-login_defs-check.sh: Update checksum, login now + supports LASTLOG_UID_MAX. + +------------------------------------------------------------------- +Mon Jul 22 17:19:22 CEST 2019 - sbrabec@suse.com + +- Fix /etc/default/su comments and create /etc/default/runuser + (bsc#1121197#31). +- Remove /etc/default/su migration from coreutils. + ------------------------------------------------------------------- Mon Jul 1 23:45:55 CEST 2019 - sbrabec@suse.com diff --git a/util-linux.spec b/util-linux.spec index e257654..91b0dda 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -115,7 +115,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.33.2 +Version: 2.34 Release: 0 # util-linux is a base package and uuidd pre-requiring pwdutils pulls # that into the core build cycle. pwdutils also pulls in the whole @@ -124,7 +124,7 @@ Release: 0 # these tools as well #!BuildIgnore: pwdutils Url: https://www.kernel.org/pub/linux/utils/util-linux/ -Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.xz +Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.34/util-linux-%{version}.tar.xz Source1: util-linux-rpmlintrc Source2: util-linux-login_defs-check.sh Source4: raw.service @@ -135,7 +135,7 @@ Source8: login.pamd Source9: remote.pamd Source10: su.pamd Source11: su.default -Source12: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.sign +Source12: https://www.kernel.org/pub/linux/utils/util-linux/v2.34/util-linux-%{version}.tar.sign Source13: %{_name}.keyring Source14: runuser.pamd Source15: runuser-l.pamd @@ -145,12 +145,6 @@ Source51: blkid.conf Patch0: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-priority1.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values. -Patch3: util-linux-login_defs-priority1.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-priority2.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values. -Patch4: util-linux-login_defs-priority2.patch -# PATCH-FIX-UPSTREAM util-linux-login_defs-SYS_UID.patch bsc1121197 sbrabec@suse.com -- Fix discrepancies in SYS_UID* fallback. -Patch5: util-linux-login_defs-SYS_UID.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # %if %build_util_linux @@ -170,8 +164,12 @@ Provides: rfkill = 0.5 Obsoletes: eject <= 2.1.0 # File conflict of login (up to 12.1 and SLE11). Obsoletes: login <= 4.0 -# File confluct (man page) of rfkill (up to Leap 15 and SLE 15). +# File conflict (man page) of rfkill (up to Leap 15 and SLE 15). Obsoletes: rfkill <= 0.5 +# util-linux-2.34 integrates hardlink (up to Leap 15.1 and SLE 15.1). +# The last version was 1.0+git.e66999f. +Provides: hardlink = 1.1 +Obsoletes: hardlink < 1.1 # bnc#805684: %ifarch s390x Obsoletes: s390-32 @@ -216,16 +214,16 @@ mount program, the fdisk configuration tool, and more. %package -n libblkid1 Summary: Filesystem detection library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libblkid1 Library for filesystem detection. %package -n libblkid-devel Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libblkid1 = %{version} %description -n libblkid-devel @@ -234,8 +232,8 @@ detection. %package -n libblkid-devel-static Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libblkid-devel = %{version} %description -n libblkid-devel-static @@ -244,16 +242,16 @@ detection. %package -n libuuid1 Summary: Library to generate UUIDs -Group: System/Libraries License: BSD-3-Clause +Group: System/Libraries %description -n libuuid1 A library to generate universally unique IDs (UUIDs). %package -n libuuid-devel Summary: Development files for libuuid -Group: Development/Libraries/C and C++ License: BSD-3-Clause +Group: Development/Libraries/C and C++ Requires: libuuid1 = %{version} %description -n libuuid-devel @@ -262,8 +260,8 @@ unique IDs (UUIDs). %package -n libuuid-devel-static Summary: Development files for libuuid -Group: Development/Libraries/C and C++ License: BSD-3-Clause +Group: Development/Libraries/C and C++ Requires: libuuid-devel = %{version} %description -n libuuid-devel-static @@ -272,8 +270,8 @@ unique IDs (UUIDs). %package -n libmount1 Summary: Device mount library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libmount1 Library designed to be used in low-level utils like @@ -281,8 +279,8 @@ mount(8) and /usr/sbin/mount. helpers. %package -n libmount-devel Summary: Development files for libmount -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libmount1 = %{version} %description -n libmount-devel @@ -290,8 +288,8 @@ Files to develop applications using the libmount library. %package -n libmount-devel-static Summary: Development files for libmount -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libmount-devel = %{version} %description -n libmount-devel-static @@ -299,16 +297,16 @@ Files to develop applications using the libmount library. %package -n libsmartcols1 Summary: Column-based text sort engine -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libsmartcols1 Library to sort human readable column-based text output. %package -n libsmartcols-devel Summary: Development files for libsmartcols -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libsmartcols1 = %{version} %description -n libsmartcols-devel @@ -316,8 +314,8 @@ Files to develop applications using the libsmartcols library. %package -n libsmartcols-devel-static Summary: Development files for libsmartcols -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libsmartcols-devel = %{version} %description -n libsmartcols-devel-static @@ -325,16 +323,16 @@ Files to develop applications using the libsmartcols library. %package -n libfdisk1 Summary: Filesystem detection library -Group: System/Libraries License: LGPL-2.1-or-later +Group: System/Libraries %description -n libfdisk1 Library for filesystem detection. %package -n libfdisk-devel Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libfdisk1 = %{version} %description -n libfdisk-devel @@ -343,8 +341,8 @@ detection. %package -n libfdisk-devel-static Summary: Development files for the filesystem detection library -Group: Development/Libraries/C and C++ License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libfdisk-devel = %{version} %description -n libfdisk-devel-static @@ -357,6 +355,7 @@ detection. %if %build_util_linux %package systemd Summary: %summary_uls +License: GPL-2.0-or-later Group: %group_uls Supplements: packageand(util-linux:systemd) # Split-provides for upgrade from SLE < 12 and openSUSE <= 13.1 @@ -372,6 +371,7 @@ This package contains low-level util-linux utilities that use systemd. %package -n uuidd Summary: Helper daemon to guarantee uniqueness of time-based UUIDs +License: GPL-2.0-or-later Group: System/Filesystems %if 0%{?suse_version} >= 1330 Requires(pre): group(uuidd) @@ -393,6 +393,7 @@ SMP systems. %if %build_util_linux %package -n python3-libmount Summary: %summary_pl +License: GPL-2.0-or-later Group: %group_pl %description -n python3-libmount @@ -409,15 +410,11 @@ cp -a %{S:2} . %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects bash ./util-linux-login_defs-check.sh %if %build_util_linux -# #BEGIN SYSTEMD SAFETY CHECK # With systemd, some utilities are built differently. Keep track of these # sources to prevent building of systemd-less versions. @@ -627,6 +624,8 @@ install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/runuser-l install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su install -m 644 %{SOURCE16} %{buildroot}%{_sysconfdir}/pam.d/su-l install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su +sed 's/\bsu\b/runuser/g' <%{SOURCE11} >runuser.default +install -m 644 runuser.default %{buildroot}%{_sysconfdir}/default/runuser %endif # # util-linux install @@ -756,6 +755,7 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim %service_add_post raw.service %set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount %set_permissions %{_bindir}/su +# # Safely migrate PAM files from coreutils to util-linux # (openSUSE 12.3->13.1, SLE11->SLE12) # @@ -767,15 +767,25 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim # no changes, we should restore admin modification, and rename the # clean file to .rpmnew, as it would happen if the file was not moved # from one package to another. -for PAM_FILE in default/su pam.d/su pam.d/su-l ; do - if test -f %{_sysconfdir}/$PAM_FILE.rpmsave ; then - mv %{_sysconfdir}/$PAM_FILE %{_sysconfdir}/$PAM_FILE.rpmnew - mv %{_sysconfdir}/$PAM_FILE.rpmsave %{_sysconfdir}/$PAM_FILE +for PAM_FILE in su su-l ; do + if test -f %{_sysconfdir}/pam.d/$PAM_FILE.rpmsave ; then + mv %{_sysconfdir}/pam.d/$PAM_FILE %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew + mv %{_sysconfdir}/pam.d/$PAM_FILE.rpmsave %{_sysconfdir}/pam.d/$PAM_FILE fi done -# %{_sysconfdir}/default/su is tagged as noreplace. +# +# If outdated PAM file is detected, issue a warning. +for PAM_FILE in login remote runuser runuser-l su su-l ; do + if test -f %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew ; then + echo "Your %{_sysconfdir}/pam.d/$PAM_FILE is outdated. Please check %{_sysconfdir}/pam.d/$PAM_FILE.rpmnew!" >&2 + fi +done +# +# /etc/default/su is tagged as noreplace. # But we want to migrate variables to /etc/login.defs (bsc#1121197). # Perform one-time config replace. +# Applies for: Update from SLE11, online update for SLE15 SP1, Leap15.1. +# Not needed for /etc/default/runuser. It was first packaged after the change. if ! grep -q "^# /etc/default/su is an override" %{_sysconfdir}/default/su ; then if test -f %{_sysconfdir}/default/su.rpmnew ; then if ! test -f %{_sysconfdir}/default/su.rpmorig ; then @@ -891,6 +901,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %config(noreplace) %{_sysconfdir}/pam.d/runuser-l %config(noreplace) %{_sysconfdir}/pam.d/su %config(noreplace) %{_sysconfdir}/pam.d/su-l +%config(noreplace) %{_sysconfdir}/default/runuser %config(noreplace) %{_sysconfdir}/default/su %config %dir %{_sysconfdir}/issue.d #UsrMerge @@ -946,6 +957,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %{_bindir}/findmnt %{_bindir}/flock %{_bindir}/getopt +%{_bindir}/hardlink %{_bindir}/hexdump %{_bindir}/ionice %{_bindir}/ipcmk @@ -1048,6 +1060,7 @@ rmdir --ignore-fail-on-non-empty /run/run >/dev/null 2>&1 || : %{_mandir}/man1/fincore.1.gz %{_mandir}/man1/flock.1.gz %{_mandir}/man1/getopt.1.gz +%{_mandir}/man1/hardlink.1.gz %{_mandir}/man1/hexdump.1.gz %{_mandir}/man1/ipcrm.1.gz %{_mandir}/man1/ipcs.1.gz