forked from pool/util-linux
Accepting request 700496 from home:sbrabec:branches:util-linux-2.33.1
Depends on https://build.opensuse.org/request/show/700494! - Fix problems in reading of login.defs values (bsc#1121197, util-linux-login_defs-priority1.patch, util-linux-login_defs-priority2.patch, util-linux-login_defs-SYS_UID.patch). - Perform one-time reset of /etc/default/su (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check util-linux-login_defs-check.sh (bsc#1121197). - Drop bc BuildRequires: not needed. OBS-URL: https://build.opensuse.org/request/show/700496 OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=398
This commit is contained in:
parent
686870baf8
commit
fed1a56686
@ -1,9 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 23:51:45 CEST 2019 - sbrabec@suse.com
|
||||
|
||||
- Fix problems in reading of login.defs values (bsc#1121197,
|
||||
util-linux-login_defs-priority1.patch,
|
||||
util-linux-login_defs-priority2.patch,
|
||||
util-linux-login_defs-SYS_UID.patch).
|
||||
- Perform one-time reset of /etc/default/su (bsc#1121197).
|
||||
- Add virtual symbols for login.defs compatibility (bsc#1121197).
|
||||
- Add login.defs safety check util-linux-login_defs-check.sh
|
||||
(bsc#1121197).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 15:23:27 CET 2019 - sbrabec@suse.com
|
||||
|
||||
- Integrate pam_keyinit pam module to login
|
||||
(boo#1081947, login.pamd, remote.pamd).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 13:00:08 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Drop bc BuildRequires: not needed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 21 10:36:48 UTC 2019 - Martin Wilck <mwilck@suse.com>
|
||||
|
||||
|
@ -75,7 +75,6 @@ Summary: %main_summary
|
||||
License: GPL-2.0-or-later
|
||||
Group: %main_group
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: bc
|
||||
BuildRequires: binutils-devel
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gettext-devel
|
||||
@ -127,6 +126,7 @@ Release: 0
|
||||
Url: https://www.kernel.org/pub/linux/utils/util-linux/
|
||||
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.xz
|
||||
Source1: util-linux-rpmlintrc
|
||||
Source2: util-linux-login_defs-check.sh
|
||||
Source4: raw.service
|
||||
Source5: etc.raw
|
||||
Source6: etc_filesystems
|
||||
@ -145,6 +145,12 @@ Source51: blkid.conf
|
||||
Patch0: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
|
||||
Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
|
||||
Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-priority1.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values.
|
||||
Patch3: util-linux-login_defs-priority1.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-priority2.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values.
|
||||
Patch4: util-linux-login_defs-priority2.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-SYS_UID.patch bsc1121197 sbrabec@suse.com -- Fix discrepancies in SYS_UID* fallback.
|
||||
Patch5: util-linux-login_defs-SYS_UID.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
#
|
||||
%if %build_util_linux
|
||||
@ -174,6 +180,10 @@ Provides: s390-32
|
||||
# uuid-runtime appeared in SLE11 SP1 to SLE11 SP3
|
||||
Provides: uuid-runtime = %{version}-%{release}
|
||||
Obsoletes: uuid-runtime <= 2.19.1
|
||||
# All login.defs variables require support from shadow side.
|
||||
# Upgrade this symbol version only if new variables appear!
|
||||
# Verify by shadow-login_defs-check.sh from shadow source package.
|
||||
Requires: login_defs-support-for-util-linux >= 2.33.1
|
||||
#
|
||||
# Using "Requires" here would lend itself to help upgrading, but since
|
||||
# util-linux is in the initial bootstrap, that is not a good thing to do:
|
||||
@ -380,11 +390,16 @@ library.
|
||||
%endif
|
||||
%prep
|
||||
%setup -q -n %{_name}-%{version}
|
||||
cp -a %{S:2} .
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
bash ./util-linux-login_defs-check.sh
|
||||
%if %build_util_linux
|
||||
#
|
||||
#BEGIN SYSTEMD SAFETY CHECK
|
||||
@ -720,12 +735,6 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim
|
||||
%if %build_util_linux
|
||||
%pre
|
||||
%service_add_pre raw.service
|
||||
# Check whether we are upgrading from < Leap 15 or SLE 15
|
||||
# Check for /sbin/su and not /usr/sbin/su, as it exists in all old versions.
|
||||
# (bsc#353876#c7)
|
||||
if test -e /bin/su && ! ( LANG=C su --help 2>/dev/null) | grep -q -- --pty ; then
|
||||
touch %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%post
|
||||
%service_add_post raw.service
|
||||
@ -749,19 +758,19 @@ for PAM_FILE in default/su pam.d/su pam.d/su-l ; do
|
||||
fi
|
||||
done
|
||||
# %{_sysconfdir}/default/su is tagged as noreplace.
|
||||
# But we want to upgrade to a more secure default on upgrade.
|
||||
# Perform one-time change of ALWAYS_SET_ROOT. (bsc#353876#c7)
|
||||
if test -f %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT -a -f %{_sysconfdir}/default/su &&
|
||||
grep -q ^ALWAYS_SET_PATH=no %{_sysconfdir}/default/su ; then
|
||||
if ! test -f %{_sysconfdir}/default/su.rpmorig ; then
|
||||
cp -a %{_sysconfdir}/default/su %{_sysconfdir}/default/su.rpmorig
|
||||
# But we want to migrate variables to /etc/login.defs (bsc#1121197).
|
||||
# Perform one-time config replace.
|
||||
if ! grep -q "^# /etc/default/su is an override" %{_sysconfdir}/default/su ; then
|
||||
if test -f %{_sysconfdir}/default/su.rpmnew ; then
|
||||
if ! test -f %{_sysconfdir}/default/su.rpmorig ; then
|
||||
cp -a %{_sysconfdir}/default/su %{_sysconfdir}/default/su.rpmorig
|
||||
fi
|
||||
mv %{_sysconfdir}/default/su.rpmnew %{_sysconfdir}/default/su
|
||||
echo "One time clean-up of %{_sysconfdir}/default/su was performed." >&2
|
||||
echo "Original contents was saved to %{_sysconfdir}/default/su.rpmorig." >&2
|
||||
echo "Please edit %{_sysconfdir}/login.defs or %{_sysconfdir}/default/su to restore your customization." >&2
|
||||
fi
|
||||
sed -i s/^ALWAYS_SET_PATH=no/ALWAYS_SET_PATH=yes/ %{_sysconfdir}/default/su
|
||||
echo "One time change of %{_sysconfdir}/default/su was performed." >&2
|
||||
echo "ALWAYS_SET_PATH was set to more secure value \"yes\"." >&2
|
||||
echo "If it is not intended, you can safely change it back. It will not be changed again." >&2
|
||||
fi
|
||||
rm -f %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT
|
||||
|
||||
%preun
|
||||
%service_del_preun raw.service
|
||||
|
20
su.default
20
su.default
@ -1,14 +1,8 @@
|
||||
# Per default, only "su -" will set a new PATH.
|
||||
# If this variable is set to "yes" (default is "no"),
|
||||
# every su call will overwrite the PATH variable.
|
||||
# /etc/default/su is an override for /etc/login.defs for su and runuser
|
||||
# (It is also read as a fallback for login.)
|
||||
#
|
||||
# See /etc/login.defs, su(1) or runuser(1) for more.
|
||||
#
|
||||
# List of su/runuser variables:
|
||||
# ALWAYS_SET_PATH, ENV_PATH, ENV_ROOTPATH, ENV_SUPATH, FAIL_DELAY
|
||||
#
|
||||
# The recommended default is "yes". The default "no" behavior could have
|
||||
# a security implication in applications that use commands without path.
|
||||
ALWAYS_SET_PATH=yes
|
||||
|
||||
# Default path.
|
||||
PATH=/usr/local/bin:/bin:/usr/bin
|
||||
|
||||
# Default path for a user invoking su to root.
|
||||
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
|
||||
|
||||
|
60
util-linux-login_defs-SYS_UID.patch
Normal file
60
util-linux-login_defs-SYS_UID.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From 0d37969cbe2cb85d9c01f78071528a8a7c789f96 Mon Sep 17 00:00:00 2001
|
||||
From: Stanislav Brabec <sbrabec@suse.cz>
|
||||
Date: Wed, 24 Apr 2019 11:16:53 +0200
|
||||
Subject: [PATCH] lslogins: Fix discrepancies of SYS_UID_MIN
|
||||
|
||||
util-linux does not contain useradd. Its most popular implementation
|
||||
comes from shadow. SYS_UID_MIN is one of common parameters. Its
|
||||
hardcoded fallback value is equal to 101 in shadow useradd (see
|
||||
shadow-4.6/libmisc/find_new_uid.c: get_ranges()), but 201 in
|
||||
login-utils/lslogins.c.
|
||||
|
||||
Let lslogins use the same fallback as useradd from shadow.
|
||||
|
||||
Hopefully most distros define its custom value of SYS_UID_MIN in
|
||||
/etc/login.defs, so this problem is not visible.
|
||||
|
||||
login-utils/lslogins.1 does not mention its default at all. Add a
|
||||
reference and improve text of lslogins(1) to prevent off-by-one
|
||||
interpretation.
|
||||
|
||||
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
---
|
||||
login-utils/lslogins.1 | 6 +++---
|
||||
login-utils/lslogins.c | 2 +-
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/login-utils/lslogins.1 b/login-utils/lslogins.1
|
||||
index 5aa14c706..f003ef264 100644
|
||||
--- a/login-utils/lslogins.1
|
||||
+++ b/login-utils/lslogins.1
|
||||
@@ -92,9 +92,9 @@ Display information related to login by password (see also \fB\-afL).
|
||||
Raw output (no columnation).
|
||||
.TP
|
||||
\fB\-s\fR, \fB\-\-system\-accs\fR
|
||||
-Show system accounts. These are by default all accounts with a UID below 1000
|
||||
-(non-inclusive), with the exception of either nobody or nfsnobody (UID 65534).
|
||||
-This hardcoded default maybe overwritten by parameters SYS_UID_MIN and SYS_UID_MAX in
|
||||
+Show system accounts. These are by default all accounts with a UID between 101 and 999
|
||||
+(inclusive), with the exception of either nobody or nfsnobody (UID 65534).
|
||||
+This hardcoded default may be overwritten by parameters SYS_UID_MIN and SYS_UID_MAX in
|
||||
the file /etc/login.defs.
|
||||
.TP
|
||||
\fB\-\-time\-format\fR \fItype\fP
|
||||
diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
|
||||
index efb20a4f7..3d9c9b97a 100644
|
||||
--- a/login-utils/lslogins.c
|
||||
+++ b/login-utils/lslogins.c
|
||||
@@ -74,7 +74,7 @@ static int lslogins_flag;
|
||||
|
||||
#define UL_UID_MIN 1000
|
||||
#define UL_UID_MAX 60000
|
||||
-#define UL_SYS_UID_MIN 201
|
||||
+#define UL_SYS_UID_MIN 101
|
||||
#define UL_SYS_UID_MAX 999
|
||||
|
||||
/* we use the value of outmode to determine
|
||||
--
|
||||
2.21.0
|
||||
|
58
util-linux-login_defs-check.sh
Normal file
58
util-linux-login_defs-check.sh
Normal file
@ -0,0 +1,58 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Extract list of variables supported by su/runuser.
|
||||
#
|
||||
# If you edit this file, you will probably need to edit
|
||||
# shadow-login_defs-check.sh from shadow sources in a similar way.
|
||||
|
||||
set -o errexit
|
||||
|
||||
echo -n "Checking login.defs variables in util-linux... " >&2
|
||||
(
|
||||
grep -rh getlogindefs . |
|
||||
sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
|
||||
grep -rh logindefs_setenv . |
|
||||
sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
|
||||
) | LC_ALL=C sort -u >util-linux-login_defs-vars.lst
|
||||
|
||||
if test $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//') != a9c56a10a4b5a0afb63c9208b8ca0cb1b46a8429 ; then
|
||||
|
||||
echo "does not match!" >&2
|
||||
echo "Checksum is: $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//')" >&2
|
||||
|
||||
cat >&2 <<EOF
|
||||
|
||||
You have to perform following steps:
|
||||
|
||||
Check whether the error is false positive (script failed to extract
|
||||
variables) or true positive (variable list changed).
|
||||
|
||||
If it is false positive:
|
||||
- Fix this script.
|
||||
- The same fix is needed in shadow package in shadow-login_defs-check.sh.
|
||||
|
||||
If it is true positive:
|
||||
- Check-out shadow package and call shadow-login_defs-check.sh.
|
||||
- Compare its output shadow-login_defs-check-util-linux.lst with
|
||||
util-linux-login_defs-vars.lst in the util-linux build directory.
|
||||
- Update shadow shadow-login_defs-util-linux.patch, if needed.
|
||||
- If shadow-login_defs-util-linux.patch was updated, update
|
||||
login_defs-support-for-util-linux symbol version in both shadow and
|
||||
util-linux spec files accordingly.
|
||||
- Update checksum in this script.
|
||||
- Possibly update su.default with these new list of su/runuser specific
|
||||
variables:
|
||||
EOF
|
||||
echo -n " " >&2
|
||||
(
|
||||
grep -rh getlogindefs login-utils/su-common.c |
|
||||
sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
|
||||
grep -rh logindefs_setenv login-utils/su-common.c |
|
||||
sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
|
||||
) | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ /, /g;s/, $//' >&2
|
||||
echo -e '\n' >&2
|
||||
|
||||
exit 1
|
||||
else
|
||||
echo "OK" >&2
|
||||
fi
|
39
util-linux-login_defs-priority1.patch
Normal file
39
util-linux-login_defs-priority1.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 15a191f6d30dfe202a080a3d90968b63d695a29f Mon Sep 17 00:00:00 2001
|
||||
From: Stanislav Brabec <sbrabec@suse.cz>
|
||||
Date: Thu, 10 Jan 2019 01:28:53 +0100
|
||||
Subject: [PATCH 1/2] su-common.c: prefer /etc/default/su over login.defs
|
||||
|
||||
su(1) documentation says:
|
||||
/etc/default/su command specific logindef config file
|
||||
/etc/login.defs global logindef config file
|
||||
|
||||
It indirectly indicates that /etc/default/su should take precedence
|
||||
over /etc/login.defs.
|
||||
|
||||
But the reverse is true. It is not possible to define ENV_PATH in
|
||||
/etc/login.defs and then make su specific customization in
|
||||
/etc/default/su. We need to change read order to match the documented
|
||||
behavior.
|
||||
|
||||
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
||||
---
|
||||
login-utils/su-common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
|
||||
index e0604e246..19074247c 100644
|
||||
--- a/login-utils/su-common.c
|
||||
+++ b/login-utils/su-common.c
|
||||
@@ -1229,8 +1229,8 @@ static void load_config(void *data)
|
||||
struct su_context *su = (struct su_context *) data;
|
||||
|
||||
DBG(MISC, ul_debug("loading logindefs"));
|
||||
- logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER : _PATH_LOGINDEFS_SU);
|
||||
logindefs_load_file(_PATH_LOGINDEFS);
|
||||
+ logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER : _PATH_LOGINDEFS_SU);
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.20.1
|
||||
|
74
util-linux-login_defs-priority2.patch
Normal file
74
util-linux-login_defs-priority2.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From 86f42e5a2a9d8a483ad0ca85fdf090172fb4d385 Mon Sep 17 00:00:00 2001
|
||||
From: Stanislav Brabec <sbrabec@suse.cz>
|
||||
Date: Thu, 10 Jan 2019 01:28:54 +0100
|
||||
Subject: [PATCH 2/2] su-common.c: prefer ENV_SUPATH over ENV_ROOTPATH
|
||||
|
||||
ENV_SUPATH and ENV_ROOTPATH are equivalent and ENV_ROOTPATH takes
|
||||
precedence in both login and su. It makes no sense. More logical would be
|
||||
precedence of ENV_SUPATH in su and ENV_ROOTPATH in login.
|
||||
|
||||
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
||||
---
|
||||
login-utils/login.1 | 2 +-
|
||||
login-utils/runuser.1 | 2 +-
|
||||
login-utils/su-common.c | 4 ++--
|
||||
login-utils/su.1 | 2 +-
|
||||
4 files changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/login-utils/login.1 b/login-utils/login.1
|
||||
index cb8addec3..b73eae147 100644
|
||||
--- a/login-utils/login.1
|
||||
+++ b/login-utils/login.1
|
||||
@@ -282,7 +282,7 @@ a regular user logs in. The default value is
|
||||
(string)
|
||||
.RS 4
|
||||
If set, it will be used to define the PATH environment variable when
|
||||
-the superuser logs in. The default value is
|
||||
+the superuser logs in. ENV_ROOTPATH takes precedence. The default value is
|
||||
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
|
||||
.RE
|
||||
.SH FILES
|
||||
diff --git a/login-utils/runuser.1 b/login-utils/runuser.1
|
||||
index bf0d02471..221672200 100644
|
||||
--- a/login-utils/runuser.1
|
||||
+++ b/login-utils/runuser.1
|
||||
@@ -183,7 +183,7 @@ default value is
|
||||
.B ENV_SUPATH
|
||||
(string)
|
||||
.RS 4
|
||||
-Defines the PATH environment variable for root. The default value is
|
||||
+Defines the PATH environment variable for root. ENV_SUPATH takes precedence. The default value is
|
||||
.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
|
||||
.RE
|
||||
.PP
|
||||
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
|
||||
index 19074247c..0e44eb87c 100644
|
||||
--- a/login-utils/su-common.c
|
||||
+++ b/login-utils/su-common.c
|
||||
@@ -989,8 +989,8 @@ static void setenv_path(const struct passwd *pw)
|
||||
if (pw->pw_uid)
|
||||
rc = logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH);
|
||||
|
||||
- else if ((rc = logindefs_setenv("PATH", "ENV_ROOTPATH", NULL)) != 0)
|
||||
- rc = logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT);
|
||||
+ else if ((rc = logindefs_setenv("PATH", "ENV_SUPATH", NULL)) != 0)
|
||||
+ rc = logindefs_setenv("PATH", "ENV_ROOTPATH", _PATH_DEFPATH_ROOT);
|
||||
|
||||
if (rc)
|
||||
err(EXIT_FAILURE, _("failed to set the PATH environment variable"));
|
||||
diff --git a/login-utils/su.1 b/login-utils/su.1
|
||||
index d6a064fd2..5ae6d6b2d 100644
|
||||
--- a/login-utils/su.1
|
||||
+++ b/login-utils/su.1
|
||||
@@ -209,7 +209,7 @@ default value is
|
||||
.B ENV_SUPATH
|
||||
(string)
|
||||
.RS 4
|
||||
-Defines the PATH environment variable for root. The default value is
|
||||
+Defines the PATH environment variable for root. ENV_SUPATH takes precedence. The default value is
|
||||
.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
|
||||
.RE
|
||||
.PP
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,9 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 23:51:45 CEST 2019 - sbrabec@suse.com
|
||||
|
||||
- Fix problems in reading of login.defs values (bsc#1121197,
|
||||
util-linux-login_defs-priority1.patch,
|
||||
util-linux-login_defs-priority2.patch,
|
||||
util-linux-login_defs-SYS_UID.patch).
|
||||
- Perform one-time reset of /etc/default/su (bsc#1121197).
|
||||
- Add virtual symbols for login.defs compatibility (bsc#1121197).
|
||||
- Add login.defs safety check util-linux-login_defs-check.sh
|
||||
(bsc#1121197).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 15:23:27 CET 2019 - sbrabec@suse.com
|
||||
|
||||
- Integrate pam_keyinit pam module to login
|
||||
(boo#1081947, login.pamd, remote.pamd).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 13:00:08 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Drop bc BuildRequires: not needed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 21 10:36:48 UTC 2019 - Martin Wilck <mwilck@suse.com>
|
||||
|
||||
|
@ -75,7 +75,6 @@ Summary: %main_summary
|
||||
License: GPL-2.0-or-later
|
||||
Group: %main_group
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: bc
|
||||
BuildRequires: binutils-devel
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gettext-devel
|
||||
@ -127,6 +126,7 @@ Release: 0
|
||||
Url: https://www.kernel.org/pub/linux/utils/util-linux/
|
||||
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.xz
|
||||
Source1: util-linux-rpmlintrc
|
||||
Source2: util-linux-login_defs-check.sh
|
||||
Source4: raw.service
|
||||
Source5: etc.raw
|
||||
Source6: etc_filesystems
|
||||
@ -145,6 +145,12 @@ Source51: blkid.conf
|
||||
Patch0: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
|
||||
Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
|
||||
Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-priority1.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values.
|
||||
Patch3: util-linux-login_defs-priority1.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-priority2.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values.
|
||||
Patch4: util-linux-login_defs-priority2.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-SYS_UID.patch bsc1121197 sbrabec@suse.com -- Fix discrepancies in SYS_UID* fallback.
|
||||
Patch5: util-linux-login_defs-SYS_UID.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
#
|
||||
%if %build_util_linux
|
||||
@ -174,6 +180,10 @@ Provides: s390-32
|
||||
# uuid-runtime appeared in SLE11 SP1 to SLE11 SP3
|
||||
Provides: uuid-runtime = %{version}-%{release}
|
||||
Obsoletes: uuid-runtime <= 2.19.1
|
||||
# All login.defs variables require support from shadow side.
|
||||
# Upgrade this symbol version only if new variables appear!
|
||||
# Verify by shadow-login_defs-check.sh from shadow source package.
|
||||
Requires: login_defs-support-for-util-linux >= 2.33.1
|
||||
#
|
||||
# Using "Requires" here would lend itself to help upgrading, but since
|
||||
# util-linux is in the initial bootstrap, that is not a good thing to do:
|
||||
@ -380,11 +390,16 @@ library.
|
||||
%endif
|
||||
%prep
|
||||
%setup -q -n %{_name}-%{version}
|
||||
cp -a %{S:2} .
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
bash ./util-linux-login_defs-check.sh
|
||||
%if %build_util_linux
|
||||
#
|
||||
#BEGIN SYSTEMD SAFETY CHECK
|
||||
@ -720,12 +735,6 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim
|
||||
%if %build_util_linux
|
||||
%pre
|
||||
%service_add_pre raw.service
|
||||
# Check whether we are upgrading from < Leap 15 or SLE 15
|
||||
# Check for /sbin/su and not /usr/sbin/su, as it exists in all old versions.
|
||||
# (bsc#353876#c7)
|
||||
if test -e /bin/su && ! ( LANG=C su --help 2>/dev/null) | grep -q -- --pty ; then
|
||||
touch %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%post
|
||||
%service_add_post raw.service
|
||||
@ -749,19 +758,19 @@ for PAM_FILE in default/su pam.d/su pam.d/su-l ; do
|
||||
fi
|
||||
done
|
||||
# %{_sysconfdir}/default/su is tagged as noreplace.
|
||||
# But we want to upgrade to a more secure default on upgrade.
|
||||
# Perform one-time change of ALWAYS_SET_ROOT. (bsc#353876#c7)
|
||||
if test -f %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT -a -f %{_sysconfdir}/default/su &&
|
||||
grep -q ^ALWAYS_SET_PATH=no %{_sysconfdir}/default/su ; then
|
||||
if ! test -f %{_sysconfdir}/default/su.rpmorig ; then
|
||||
cp -a %{_sysconfdir}/default/su %{_sysconfdir}/default/su.rpmorig
|
||||
# But we want to migrate variables to /etc/login.defs (bsc#1121197).
|
||||
# Perform one-time config replace.
|
||||
if ! grep -q "^# /etc/default/su is an override" %{_sysconfdir}/default/su ; then
|
||||
if test -f %{_sysconfdir}/default/su.rpmnew ; then
|
||||
if ! test -f %{_sysconfdir}/default/su.rpmorig ; then
|
||||
cp -a %{_sysconfdir}/default/su %{_sysconfdir}/default/su.rpmorig
|
||||
fi
|
||||
mv %{_sysconfdir}/default/su.rpmnew %{_sysconfdir}/default/su
|
||||
echo "One time clean-up of %{_sysconfdir}/default/su was performed." >&2
|
||||
echo "Original contents was saved to %{_sysconfdir}/default/su.rpmorig." >&2
|
||||
echo "Please edit %{_sysconfdir}/login.defs or %{_sysconfdir}/default/su to restore your customization." >&2
|
||||
fi
|
||||
sed -i s/^ALWAYS_SET_PATH=no/ALWAYS_SET_PATH=yes/ %{_sysconfdir}/default/su
|
||||
echo "One time change of %{_sysconfdir}/default/su was performed." >&2
|
||||
echo "ALWAYS_SET_PATH was set to more secure value \"yes\"." >&2
|
||||
echo "If it is not intended, you can safely change it back. It will not be changed again." >&2
|
||||
fi
|
||||
rm -f %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT
|
||||
|
||||
%preun
|
||||
%service_del_preun raw.service
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 23:51:45 CEST 2019 - sbrabec@suse.com
|
||||
|
||||
- Fix problems in reading of login.defs values (bsc#1121197,
|
||||
util-linux-login_defs-priority1.patch,
|
||||
util-linux-login_defs-priority2.patch,
|
||||
util-linux-login_defs-SYS_UID.patch).
|
||||
- Perform one-time reset of /etc/default/su (bsc#1121197).
|
||||
- Add virtual symbols for login.defs compatibility (bsc#1121197).
|
||||
- Add login.defs safety check util-linux-login_defs-check.sh
|
||||
(bsc#1121197).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 15:23:27 CET 2019 - sbrabec@suse.com
|
||||
|
||||
|
@ -126,6 +126,7 @@ Release: 0
|
||||
Url: https://www.kernel.org/pub/linux/utils/util-linux/
|
||||
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.33/util-linux-%{version}.tar.xz
|
||||
Source1: util-linux-rpmlintrc
|
||||
Source2: util-linux-login_defs-check.sh
|
||||
Source4: raw.service
|
||||
Source5: etc.raw
|
||||
Source6: etc_filesystems
|
||||
@ -144,6 +145,12 @@ Source51: blkid.conf
|
||||
Patch0: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
|
||||
Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
|
||||
Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-priority1.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values.
|
||||
Patch3: util-linux-login_defs-priority1.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-priority2.patch bsc1121197 sbrabec@suse.com -- Fix priorities of login.defs values.
|
||||
Patch4: util-linux-login_defs-priority2.patch
|
||||
# PATCH-FIX-UPSTREAM util-linux-login_defs-SYS_UID.patch bsc1121197 sbrabec@suse.com -- Fix discrepancies in SYS_UID* fallback.
|
||||
Patch5: util-linux-login_defs-SYS_UID.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
#
|
||||
%if %build_util_linux
|
||||
@ -173,6 +180,10 @@ Provides: s390-32
|
||||
# uuid-runtime appeared in SLE11 SP1 to SLE11 SP3
|
||||
Provides: uuid-runtime = %{version}-%{release}
|
||||
Obsoletes: uuid-runtime <= 2.19.1
|
||||
# All login.defs variables require support from shadow side.
|
||||
# Upgrade this symbol version only if new variables appear!
|
||||
# Verify by shadow-login_defs-check.sh from shadow source package.
|
||||
Requires: login_defs-support-for-util-linux >= 2.33.1
|
||||
#
|
||||
# Using "Requires" here would lend itself to help upgrading, but since
|
||||
# util-linux is in the initial bootstrap, that is not a good thing to do:
|
||||
@ -379,11 +390,16 @@ library.
|
||||
%endif
|
||||
%prep
|
||||
%setup -q -n %{_name}-%{version}
|
||||
cp -a %{S:2} .
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
bash ./util-linux-login_defs-check.sh
|
||||
%if %build_util_linux
|
||||
#
|
||||
#BEGIN SYSTEMD SAFETY CHECK
|
||||
@ -719,12 +735,6 @@ ln -sf /sbin/service %{buildroot}/usr/sbin/rcfstrim
|
||||
%if %build_util_linux
|
||||
%pre
|
||||
%service_add_pre raw.service
|
||||
# Check whether we are upgrading from < Leap 15 or SLE 15
|
||||
# Check for /sbin/su and not /usr/sbin/su, as it exists in all old versions.
|
||||
# (bsc#353876#c7)
|
||||
if test -e /bin/su && ! ( LANG=C su --help 2>/dev/null) | grep -q -- --pty ; then
|
||||
touch %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%post
|
||||
%service_add_post raw.service
|
||||
@ -748,19 +758,19 @@ for PAM_FILE in default/su pam.d/su pam.d/su-l ; do
|
||||
fi
|
||||
done
|
||||
# %{_sysconfdir}/default/su is tagged as noreplace.
|
||||
# But we want to upgrade to a more secure default on upgrade.
|
||||
# Perform one-time change of ALWAYS_SET_ROOT. (bsc#353876#c7)
|
||||
if test -f %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT -a -f %{_sysconfdir}/default/su &&
|
||||
grep -q ^ALWAYS_SET_PATH=no %{_sysconfdir}/default/su ; then
|
||||
if ! test -f %{_sysconfdir}/default/su.rpmorig ; then
|
||||
cp -a %{_sysconfdir}/default/su %{_sysconfdir}/default/su.rpmorig
|
||||
# But we want to migrate variables to /etc/login.defs (bsc#1121197).
|
||||
# Perform one-time config replace.
|
||||
if ! grep -q "^# /etc/default/su is an override" %{_sysconfdir}/default/su ; then
|
||||
if test -f %{_sysconfdir}/default/su.rpmnew ; then
|
||||
if ! test -f %{_sysconfdir}/default/su.rpmorig ; then
|
||||
cp -a %{_sysconfdir}/default/su %{_sysconfdir}/default/su.rpmorig
|
||||
fi
|
||||
mv %{_sysconfdir}/default/su.rpmnew %{_sysconfdir}/default/su
|
||||
echo "One time clean-up of %{_sysconfdir}/default/su was performed." >&2
|
||||
echo "Original contents was saved to %{_sysconfdir}/default/su.rpmorig." >&2
|
||||
echo "Please edit %{_sysconfdir}/login.defs or %{_sysconfdir}/default/su to restore your customization." >&2
|
||||
fi
|
||||
sed -i s/^ALWAYS_SET_PATH=no/ALWAYS_SET_PATH=yes/ %{_sysconfdir}/default/su
|
||||
echo "One time change of %{_sysconfdir}/default/su was performed." >&2
|
||||
echo "ALWAYS_SET_PATH was set to more secure value \"yes\"." >&2
|
||||
echo "If it is not intended, you can safely change it back. It will not be changed again." >&2
|
||||
fi
|
||||
rm -f %{_sysconfdir}/default/su.needs_ALWAYS_SET_ROOT
|
||||
|
||||
%preun
|
||||
%service_del_preun raw.service
|
||||
|
Loading…
Reference in New Issue
Block a user