From c476a4d36295b5ea870be37cde2b48a3bb8e525c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 08 2022 06:58:38 +0000
Subject: import shadow-utils-4.6-17.el8
---
diff --git a/SOURCES/shadow-4.9-subordinateio-compare-owner-ID.patch b/SOURCES/shadow-4.9-subordinateio-compare-owner-ID.patch
new file mode 100644
index 0000000..19ab7ec
--- /dev/null
+++ b/SOURCES/shadow-4.9-subordinateio-compare-owner-ID.patch
@@ -0,0 +1,108 @@
+From 3ec32f9975f262073f8fbdecd2bfaee4a1d3db48 Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa
+Date: Wed, 13 Jul 2022 09:55:14 +0200
+Subject: [PATCH] subordinateio: also compare the owner ID
+
+IDs already populate /etc/subuid and /etc/subgid files so it's necessary
+not only to check for the owner name but also for the owner ID of a
+given range.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2093311
+
+Signed-off-by: Iker Pedrosa
+---
+ lib/subordinateio.c | 50 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 50 insertions(+)
+
+diff --git a/lib/subordinateio.c b/lib/subordinateio.c
+index 9ca70b8b..6bc45283 100644
+--- a/lib/subordinateio.c
++++ b/lib/subordinateio.c
+@@ -17,6 +17,8 @@
+ #include
+ #include
+
++#define ID_SIZE 31
++
+ /*
+ * subordinate_dup: create a duplicate range
+ *
+@@ -745,6 +747,40 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
+ return start == ULONG_MAX ? (gid_t) -1 : start;
+ }
+
++static bool get_owner_id(const char *owner, enum subid_type id_type, char *id)
++{
++ struct passwd *pw;
++ struct group *gr;
++ int ret = 0;
++
++ switch (id_type) {
++ case ID_TYPE_UID:
++ pw = getpwnam(owner);
++ if (pw == NULL) {
++ return false;
++ }
++ ret = snprintf(id, ID_SIZE, "%u", pw->pw_uid);
++ if (ret < 0 || ret >= ID_SIZE) {
++ return false;
++ }
++ break;
++ case ID_TYPE_GID:
++ gr = getgrnam(owner);
++ if (gr == NULL) {
++ return false;
++ }
++ ret = snprintf(id, ID_SIZE, "%u", gr->gr_gid);
++ if (ret < 0 || ret >= ID_SIZE) {
++ return false;
++ }
++ break;
++ default:
++ return false;
++ }
++
++ return true;
++}
++
+ /*
+ * int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges)
+ *
+@@ -770,6 +806,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
+ enum subid_status status;
+ int count = 0;
+ struct subid_nss_ops *h;
++ char id[ID_SIZE];
++ bool have_owner_id;
+
+ *in_ranges = NULL;
+
+@@ -798,6 +836,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
+ return -1;
+ }
+
++ have_owner_id = get_owner_id(owner, id_type, id);
++
+ commonio_rewind(db);
+ while ((range = commonio_next(db)) != NULL) {
+ if (0 == strcmp(range->owner, owner)) {
+@@ -808,6 +848,16 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
+ goto out;
+ }
+ }
++
++ // Let's also compare with the ID
++ if (have_owner_id == true && 0 == strcmp(range->owner, id)) {
++ if (!append_range(&ranges, range, count++)) {
++ free(ranges);
++ ranges = NULL;
++ count = -1;
++ goto out;
++ }
++ }
+ }
+
+ out:
+--
+2.36.1
+
diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec
index 8426b53..566ab17 100644
--- a/SPECS/shadow-utils.spec
+++ b/SPECS/shadow-utils.spec
@@ -1,11 +1,11 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.6
-Release: 16%{?dist}
+Release: 17%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
-Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
-Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
+Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
+Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
 Source2: shadow-utils.useradd
 Source3: shadow-utils.login.defs
 Source4: shadow-bsd.txt
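Review bot: In the last hunk of the added patch file, the new ID comparison in `list_owner_ranges` is a second independent `if`, so a `range->owner` that equals both `owner` and `id` (an account whose name is the decimal form of its own ID) is appended twice and `count` is bumped twice; chaining it as `} else if (have_owner_id == true && 0 == strcmp(range->owner, id)) {` keeps one result per file entry. The same owner field is now matched both as a name and as a number, so if all-numeric account names are accepted on the system (not visible here), an entry written for the account named N would also be returned for the account whose ID is N; a comment above the loop stating which interpretation is intended would help anyone auditing range ownership. `get_owner_id` writes into `id` with the hard-coded `ID_SIZE` and takes no length, so a one-line comment on that buffer contract (or a size parameter) is worth adding. The body of `list_owner_ranges` starts and ends outside these hunks.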
@@ -92,6 +92,8 @@ Patch61: shadow-4.6-respect_enable_static_no.patch Patch62: shadow-4.6-getsubids.patch # https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83 Patch63: shadow-4.6-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch +# https://github.com/shadow-maint/shadow/commit/3ec32f9975f262073f8fbdecd2bfaee4a1d3db48 +Patch64: shadow-4.9-subordinateio-compare-owner-ID.patch License: BSD and GPLv2+ Group: System Environment/Base @@ -135,6 +137,7 @@ Utility library that provides a way to manage subid ranges. %package subid-devel Summary: Development package for shadow-utils-subid License: BSD and GPLv2+ +Requires: shadow-utils-subid = %{epoch}:%{version}-%{release} %description subid-devel Development files for shadow-utils-subid. @@ -190,6 +193,7 @@ Development files for shadow-utils-subid. %patch61 -p1 -b .respect_enable_static_no %patch62 -p1 -b .getsubids %patch63 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist +%patch64 -p1 -b .subordinateio-compare-owner-ID iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -360,6 +364,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_libdir}/libsubid.so %changelog +* Thu Jul 21 2022 Iker Pedrosa - 2:4.6-17 +- subordinateio: also compare the owner ID. Resolves: #2093311 +- Fix release sources +- Add subid requirement for subid-devel + * Thu Dec 9 2021 Iker Pedrosa - 2:4.6-16 - getsubids: provide system binary and man page. Resolves: #2013016 - groupdel: fix SIGSEGV when passwd does not exist. Resolves: #1986782
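Review bot: The `Requires:` line added for `subid-devel` in the `@@ -135,6 +137,7 @@` hunk pins epoch, version and release but not the architecture, so the dependency could be satisfied by a `shadow-utils-subid` build for a different architecture; the usual form for a -devel subpackage is `Requires: shadow-utils-subid%{?_isa} = %{epoch}:%{version}-%{release}`. Whether this package is shipped multilib is not visible from the diff, so this is a packaging-convention point rather than a confirmed breakage.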