diff --git a/SOURCES/shadow-4.1.5.1-date-parsing.patch b/SOURCES/shadow-4.1.5.1-date-parsing.patch
new file mode 100644
index 0000000..38ec091
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-date-parsing.patch
@@ -0,0 +1,138 @@
+diff -up shadow-4.1.5.1/libmisc/getdate.c.date-parsing shadow-4.1.5.1/libmisc/getdate.c
+--- shadow-4.1.5.1/libmisc/getdate.c.date-parsing 2008-06-14 00:07:51.000000000 +0200
++++ shadow-4.1.5.1/libmisc/getdate.c 2014-08-29 13:41:22.553267506 +0200
+@@ -261,6 +261,7 @@ static int yyHaveDay;
+ static int yyHaveRel;
+ static int yyHaveTime;
+ static int yyHaveZone;
++static int yyHaveYear;
+ static int yyTimezone;
+ static int yyDay;
+ static int yyHour;
+@@ -1730,6 +1731,7 @@ yyreduce:
+ yyDay = (yyvsp[(3) - (5)].Number);
+ yyYear = (yyvsp[(5) - (5)].Number);
+ }
++ yyHaveYear++;
+ }
+ break;
+
+@@ -1740,6 +1742,7 @@ yyreduce:
+ yyYear = (yyvsp[(1) - (3)].Number);
+ yyMonth = -(yyvsp[(2) - (3)].Number);
+ yyDay = -(yyvsp[(3) - (3)].Number);
++ yyHaveYear++;
+ }
+ break;
+
+@@ -1750,6 +1753,7 @@ yyreduce:
+ yyDay = (yyvsp[(1) - (3)].Number);
+ yyMonth = (yyvsp[(2) - (3)].Number);
+ yyYear = -(yyvsp[(3) - (3)].Number);
++ yyHaveYear++;
+ }
+ break;
+
+@@ -1767,6 +1771,7 @@ yyreduce:
+ yyMonth = (yyvsp[(1) - (4)].Number);
+ yyDay = (yyvsp[(2) - (4)].Number);
+ yyYear = (yyvsp[(4) - (4)].Number);
++ yyHaveYear++;
+ }
+ break;
+
+@@ -1784,6 +1789,7 @@ yyreduce:
+ yyMonth = (yyvsp[(2) - (3)].Number);
+ yyDay = (yyvsp[(1) - (3)].Number);
+ yyYear = (yyvsp[(3) - (3)].Number);
++ yyHaveYear++;
+ }
+ break;
+
+@@ -1928,7 +1934,8 @@ yyreduce:
+ case 49:
+ #line 397 "getdate.y"
+ {
+- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
++ if ((yyHaveTime != 0 || (yyvsp[(1) - (1)].Number) >= 100) && !yyHaveYear
++ && (yyHaveDate != 0) && (yyHaveRel == 0))
+ yyYear = (yyvsp[(1) - (1)].Number);
+ else
+ {
+@@ -2556,7 +2563,7 @@ yylex (void)
+ return LookupWord (buff);
+ }
+ if (c != '(')
+- return *yyInput++;
++ return (unsigned char)*yyInput++;
+ Count = 0;
+ do
+ {
+diff -up shadow-4.1.5.1/libmisc/getdate.y.date-parsing shadow-4.1.5.1/libmisc/getdate.y
+--- shadow-4.1.5.1/libmisc/getdate.y.date-parsing 2008-05-26 10:57:51.000000000 +0200
++++ shadow-4.1.5.1/libmisc/getdate.y 2014-08-29 13:40:37.502229879 +0200
+@@ -152,6 +152,7 @@ static int yyHaveDay;
+ static int yyHaveRel;
+ static int yyHaveTime;
+ static int yyHaveZone;
++static int yyHaveYear;
+ static int yyTimezone;
+ static int yyDay;
+ static int yyHour;
+@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
+ yyDay = $3;
+ yyYear = $5;
+ }
++ yyHaveYear++;
+ }
+ | tUNUMBER tSNUMBER tSNUMBER {
+ /* ISO 8601 format. yyyy-mm-dd. */
+ yyYear = $1;
+ yyMonth = -$2;
+ yyDay = -$3;
++ yyHaveYear++;
+ }
+ | tUNUMBER tMONTH tSNUMBER {
+ /* e.g. 17-JUN-1992. */
+ yyDay = $1;
+ yyMonth = $2;
+ yyYear = -$3;
++ yyHaveYear++;
+ }
+ | tMONTH tUNUMBER {
+ yyMonth = $1;
+@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $1;
+ yyDay = $2;
+ yyYear = $4;
++ yyHaveYear++;
+ }
+ | tUNUMBER tMONTH {
+ yyMonth = $2;
+@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $2;
+ yyDay = $1;
+ yyYear = $3;
++ yyHaveYear++;
+ }
+ ;
+
+@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
+
+ number : tUNUMBER
+ {
+- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
++ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
++ && (yyHaveDate != 0) && (yyHaveRel == 0))
+ yyYear = $1;
+ else
+ {
+@@ -802,7 +809,7 @@ yylex (void)
+ return LookupWord (buff);
+ }
+ if (c != '(')
+- return *yyInput++;
++ return (unsigned char)*yyInput++;
+ Count = 0;
+ do
+ {
diff --git a/SOURCES/shadow-4.1.5.1-ingroup.patch b/SOURCES/shadow-4.1.5.1-ingroup.patch
new file mode 100644
index 0000000..e440431
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-ingroup.patch
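Review bot: In the date-parsing patch, `yyHaveYear` is only ever incremented; none of the getdate.y or getdate.c hunks clears it, so unless it is reset outside these hunks alongside the other `yyHave*` flags, a second parse in the same process would start with a stale count and the `!yyHaveYear` test in the `number` rule would never accept a trailing year. The changelog ties this parser to chage, where a misread year shifts a password-aging or expiry date, so add `yyHaveYear = 0;` wherever the other flags are initialised before the parser runs. The `number` branch that assigns `yyYear = $1;` also leaves the flag untouched, so a later bare number of 100 or more would overwrite the year; `{ yyYear = $1; yyHaveYear++; }` would close that. The parser entry point lies outside the hunks, so the reset could not be checked from this page.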
@@ -0,0 +1,63 @@
+diff -up shadow-4.1.5.1/src/newgrp.c.ingroup shadow-4.1.5.1/src/newgrp.c
+--- shadow-4.1.5.1/src/newgrp.c.ingroup 2014-08-29 13:31:38.000000000 +0200
++++ shadow-4.1.5.1/src/newgrp.c 2014-08-29 14:04:57.183849650 +0200
+@@ -83,15 +83,29 @@ static void usage (void)
+ }
+ }
+
++static bool ingroup(const char *name, struct group *gr)
++{
++ char **look;
++ bool notfound = true;
++
++ look = gr->gr_mem;
++ while (*look && notfound)
++ notfound = strcmp (*look++, name);
++
++ return !notfound;
++}
++
+ /*
+- * find_matching_group - search all groups of a given group id for
++ * find_matching_group - search all groups of a gr's group id for
+ * membership of a given username
++ * but check gr itself first
+ */
+-static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
++static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
+ {
+- struct group *gr;
+- char **look;
+- bool notfound = true;
++ gid_t gid = gr->gr_gid;
++
++ if (ingroup(name, gr))
++ return gr;
+
+ setgrent ();
+ while ((gr = getgrent ()) != NULL) {
+@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
+ * A group with matching GID was found.
+ * Test for membership of 'name'.
+ */
+- look = gr->gr_mem;
+- while ((NULL != *look) && notfound) {
+- notfound = (strcmp (*look, name) != 0);
+- look++;
+- }
+- if (!notfound) {
++ if (ingroup(name, gr))
+ break;
+- }
+ }
+ endgrent ();
+ return gr;
+@@ -616,7 +624,7 @@ int main (int argc, char **argv)
+ * groups of the same GID like the requested group for
+ * membership of the current user.
+ */
+- grp = find_matching_group (name, grp->gr_gid);
++ grp = find_matching_group (name, grp);
+ if (NULL == grp) {
+ /*
+ * No matching group found. As we already know that
diff --git a/SOURCES/shadow-4.1.5.1-manfix.patch b/SOURCES/shadow-4.1.5.1-manfix.patch
index 00b792f..2963c98 100644
--- a/SOURCES/shadow-4.1.5.1-manfix.patch
+++ b/SOURCES/shadow-4.1.5.1-manfix.patch
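Review bot: In the new `ingroup()` helper added to newgrp.c, `notfound = strcmp (*look++, name);` stores a raw `strcmp` result in a `bool`, where the loop it replaces compared explicitly with `!= 0`. With C99 `_Bool` any non-zero value converts to true, but if `bool` falls back to a narrow integer typedef on some build (not visible on this page), a difference that truncates to zero would read as a match, and this result decides group membership in newgrp. Keep the comparison explicit: `notfound = (strcmp (*look++, name) != 0);`. The helper also has no header comment and could take `const struct group *gr`, since it only reads `gr->gr_mem`; a line such as `/* ingroup - true if name is listed in gr->gr_mem */` would match the documented function below it.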
@@ -1,6 +1,19 @@ +diff -up shadow-4.1.5.1/man/chage.1.xml.manfix shadow-4.1.5.1/man/chage.1.xml +--- shadow-4.1.5.1/man/chage.1.xml.manfix 2012-05-25 13:45:27.000000000 +0200 ++++ shadow-4.1.5.1/man/chage.1.xml 2014-08-29 13:36:57.713167654 +0200 +@@ -102,6 +102,9 @@ + Set the number of days since January 1st, 1970 when the password + was last changed. The date may also be expressed in the format + YYYY-MM-DD (or the format more commonly used in your area). ++ If the LAST_DAY is set to ++ 0 the user is forced to change his password ++ on the next log on. + + + diff -up shadow-4.1.5.1/man/login.defs.5.xml.manfix shadow-4.1.5.1/man/login.defs.5.xml --- shadow-4.1.5.1/man/login.defs.5.xml.manfix 2012-05-25 13:45:28.000000000 +0200 -+++ shadow-4.1.5.1/man/login.defs.5.xml 2014-02-12 11:18:36.126334872 +0100 ++++ shadow-4.1.5.1/man/login.defs.5.xml 2014-08-29 13:31:38.364812323 +0200 @@ -160,6 +160,17 @@ long numeric parameters is machine-dependent. 
@@ -19,9 +32,25 @@ diff -up shadow-4.1.5.1/man/login.defs.5.xml.manfix shadow-4.1.5.1/man/login.def The following configuration items are provided: +diff -up shadow-4.1.5.1/man/man1/chage.1.manfix shadow-4.1.5.1/man/man1/chage.1 +--- shadow-4.1.5.1/man/man1/chage.1.manfix 2012-05-25 13:58:18.000000000 +0200 ++++ shadow-4.1.5.1/man/man1/chage.1 2014-08-29 13:36:31.303559366 +0200 +@@ -45,7 +45,11 @@ command are: + .PP + \fB\-d\fR, \fB\-\-lastday\fR \fILAST_DAY\fR + .RS 4 +-Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. ++Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. If the ++\fILAST_DAY\fR ++is set to ++\fB0\fR ++the user is forced to change his password on the next log on\&. + .RE + .PP + \fB\-E\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR diff -up shadow-4.1.5.1/man/man5/login.defs.5.manfix shadow-4.1.5.1/man/man5/login.defs.5 --- shadow-4.1.5.1/man/man5/login.defs.5.manfix 2012-05-25 13:59:03.000000000 +0200 -+++ shadow-4.1.5.1/man/man5/login.defs.5 2014-02-12 11:26:27.159851843 +0100 ++++ shadow-4.1.5.1/man/man5/login.defs.5 2014-08-29 13:31:38.364812323 +0200 @@ -46,6 +46,14 @@ value\&. Numbers (both regular and long) \fI0\fR) or hexadecimal values (precede the value with \fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&. 
@@ -141,8 +170,8 @@ diff -up shadow-4.1.5.1/man/man5/login.defs.5.manfix shadow-4.1.5.1/man/man5/log .RS 4 CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK diff -up shadow-4.1.5.1/man/man8/useradd.8.manfix shadow-4.1.5.1/man/man8/useradd.8 ---- shadow-4.1.5.1/man/man8/useradd.8.manfix 2013-11-27 10:25:34.740049650 +0100 -+++ shadow-4.1.5.1/man/man8/useradd.8 2013-11-27 10:25:34.758050045 +0100 +--- shadow-4.1.5.1/man/man8/useradd.8.manfix 2014-08-29 13:31:38.347811932 +0200 ++++ shadow-4.1.5.1/man/man8/useradd.8 2014-08-29 13:31:38.364812323 +0200 @@ -85,7 +85,7 @@ by default\&. Any text string\&. It is generally a short description of the login, and is currently used as the field for the user\*(Aqs full name\&. .RE 
@@ -167,9 +196,30 @@ diff -up shadow-4.1.5.1/man/man8/useradd.8.manfix shadow-4.1.5.1/man/man8/userad .RS 4 Do not create the user\*(Aqs home directory, even if the system wide setting from /etc/login\&.defs +diff -up shadow-4.1.5.1/man/man8/usermod.8.manfix shadow-4.1.5.1/man/man8/usermod.8 +--- shadow-4.1.5.1/man/man8/usermod.8.manfix 2012-05-25 13:59:33.000000000 +0200 ++++ shadow-4.1.5.1/man/man8/usermod.8 2014-08-29 13:35:27.343086211 +0200 +@@ -63,7 +63,7 @@ The user\*(Aqs new login directory\&. + .sp + If the + \fB\-m\fR +-option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. ++option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. If the current home directory does not exist the new home directory will not be created\&. + .RE + .PP + \fB\-e\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR +@@ -143,7 +143,7 @@ Move the content of the user\*(Aqs home + This option is only valid in combination with the + \fB\-d\fR + (or +-\fB\-\-home\fR) option\&. ++\fB\-\-home\fR) option\&. If the current home directory does not exist the new home directory will not be created\&. + .sp + + \fBusermod\fR diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml ---- shadow-4.1.5.1/man/useradd.8.xml.manfix 2013-11-27 10:25:34.740049650 +0100 -+++ shadow-4.1.5.1/man/useradd.8.xml 2013-11-27 10:25:34.759050067 +0100 +--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2014-08-29 13:31:38.347811932 +0200 ++++ shadow-4.1.5.1/man/useradd.8.xml 2014-08-29 13:31:38.364812323 +0200 @@ -161,7 +161,7 @@ 
@@ -197,3 +247,26 @@ diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xm +diff -up shadow-4.1.5.1/man/usermod.8.xml.manfix shadow-4.1.5.1/man/usermod.8.xml +--- shadow-4.1.5.1/man/usermod.8.xml.manfix 2012-05-25 13:45:29.000000000 +0200 ++++ shadow-4.1.5.1/man/usermod.8.xml 2014-08-29 13:33:40.814632618 +0200 +@@ -132,7 +132,8 @@ + If the + option is given, the contents of the current home directory will + be moved to the new home directory, which is created if it does +- not already exist. ++ not already exist. If the current home directory does not exist ++ the new home directory will not be created. + + + +@@ -261,7 +262,8 @@ + + + Move the content of the user's home directory to the new +- location. ++ location. If the current home directory does not exist ++ the new home directory will not be created. + + + This option is only valid in combination with the diff --git a/SOURCES/shadow-4.1.5.1-move-home.patch b/SOURCES/shadow-4.1.5.1-move-home.patch new file mode 100644 index 0000000..c87e232 --- /dev/null +++ b/SOURCES/shadow-4.1.5.1-move-home.patch @@ -0,0 +1,15 @@ +diff -up shadow-4.1.5.1/src/usermod.c.move-home shadow-4.1.5.1/src/usermod.c +--- shadow-4.1.5.1/src/usermod.c.move-home 2014-08-29 13:31:38.000000000 +0200 ++++ shadow-4.1.5.1/src/usermod.c 2014-08-29 14:14:13.860671177 +0200 +@@ -1571,6 +1571,11 @@ static void move_home (void) + Prog, user_home, user_newhome); + fail_exit (E_HOMEDIR); + } ++ } else { ++ fprintf (stderr, ++ _("%s: The previous home directory (%s) does " ++ "not exist or is inaccessible. Move cannot be completed.\n"), ++ Prog, user_home); + } + } + diff --git a/SOURCES/shadow-4.1.5.1-selinux.patch b/SOURCES/shadow-4.1.5.1-selinux.patch index 773fd60..4ac32d2 100644 --- a/SOURCES/shadow-4.1.5.1-selinux.patch +++ b/SOURCES/shadow-4.1.5.1-selinux.patch 
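Review bot: In the move-home patch to usermod.c, the added `else` branch of `move_home ()` only prints "Move cannot be completed" and falls through, whereas the failure branch directly above it calls `fail_exit (E_HOMEDIR);`. As far as the hunk shows, the exit status is unchanged, so a script that passed `-m` cannot tell that the home directory was not moved, while the account record may already name the new path. Either make the outcome detectable by the caller (a non-zero status, if that is safe at this point in usermod) or prefix the message with `warning:` as the SELinux mapping message in useradd.c does, so it reads as deliberately non-fatal. The condition that selects this branch is outside the hunk, so the "does not exist or is inaccessible" wording could not be checked against it.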
@@ -1,7 +1,65 @@ +diff -up shadow-4.1.5.1/lib/semanage.c.selinux shadow-4.1.5.1/lib/semanage.c +--- shadow-4.1.5.1/lib/semanage.c.selinux 2012-01-08 17:35:44.000000000 +0100 ++++ shadow-4.1.5.1/lib/semanage.c 2014-09-10 10:11:55.417506128 +0200 +@@ -294,6 +294,9 @@ int set_seuser (const char *login_name, + + ret = 0; + ++ /* drop obsolete matchpathcon cache */ ++ matchpathcon_fini(); ++ + done: + semanage_seuser_key_free (key); + semanage_handle_destroy (handle); +@@ -369,6 +372,10 @@ int del_seuser (const char *login_name) + } + + ret = 0; ++ ++ /* drop obsolete matchpathcon cache */ ++ matchpathcon_fini(); ++ + done: + semanage_handle_destroy (handle); + return ret; diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c ---- shadow-4.1.5.1/src/useradd.c.selinux 2012-09-19 18:28:37.662060468 +0200 -+++ shadow-4.1.5.1/src/useradd.c 2012-09-19 18:28:37.672060688 +0200 -@@ -2040,7 +2040,7 @@ int main (int argc, char **argv) +--- shadow-4.1.5.1/src/useradd.c.selinux 2014-09-10 10:10:18.791280619 +0200 ++++ shadow-4.1.5.1/src/useradd.c 2014-09-10 10:10:18.798280781 +0200 +@@ -1850,6 +1850,7 @@ static void create_mail (void) + */ + int main (int argc, char **argv) + { ++ int rv = E_SUCCESS; + #ifdef ACCT_TOOLS_SETUID + #ifdef USE_PAM + pam_handle_t *pamh = NULL; +@@ -2037,10 +2038,33 @@ int main (int argc, char **argv) + + usr_update (); + ++ close_files (); ++ ++ nscd_flush_cache ("passwd"); ++ nscd_flush_cache ("group"); ++ ++#ifdef WITH_SELINUX ++ if (Zflg && *user_selinux) { ++ if (is_selinux_enabled () > 0) { ++ if (set_seuser (user_name, user_selinux) != 0) { ++ fprintf (stderr, ++ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), ++ Prog, user_name, user_selinux); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "adding SELinux user mapping", ++ user_name, (unsigned int) user_id, 0); ++#endif /* WITH_AUDIT */ ++ rv = E_SE_UPDATE; ++ } ++ } ++ } ++#endif ++ if (mflg) { create_home (); if (home_added) { 
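Review bot: The relocated SELinux block in useradd.c `main ()` is order-sensitive but carries no comment saying so: going by the changelog entry about labelling the newly created home directory, `set_seuser ()` has to run before `create_home ()`, and nothing in the code stops a later cleanup from moving it back. A comment above the `#ifdef WITH_SELINUX`, such as `/* Map the SELinux user before create_home () so the new home directory gets the mapped user's label. */`, would record that. The same block now continues after a failed mapping and only sets `rv = E_SE_UPDATE`, so the home directory and mail spool are still created for an account whose mapping failed; that belongs in the comment too. The closing `#endif` dropped the `/* WITH_SELINUX */` marker the removed code had, and the new `matchpathcon_fini();` calls in semanage.c omit the space before the parenthesis that the surrounding calls use.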
@@ -10,3 +68,32 @@ diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c (uid_t)-1, user_id, (gid_t)-1, user_gid); } else { fprintf (stderr, +@@ -2056,27 +2080,6 @@ int main (int argc, char **argv) + create_mail (); + } + +- close_files (); +- +-#ifdef WITH_SELINUX +- if (Zflg) { +- if (set_seuser (user_name, user_selinux) != 0) { +- fprintf (stderr, +- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), +- Prog, user_name, user_selinux); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_ADD_USER, Prog, +- "adding SELinux user mapping", +- user_name, (unsigned int) user_id, 0); +-#endif /* WITH_AUDIT */ +- fail_exit (E_SE_UPDATE); +- } +- } +-#endif /* WITH_SELINUX */ +- +- nscd_flush_cache ("passwd"); +- nscd_flush_cache ("group"); +- +- return E_SUCCESS; ++ return rv; + } + diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec index bafe53c..7975829 100644 --- a/SPECS/shadow-utils.spec +++ b/SPECS/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.5.1 -Release: 13%{?dist} +Release: 15%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 @@ -24,6 +24,9 @@ Patch14: shadow-4.1.5.1-default-range.patch Patch15: shadow-4.1.5.1-manfix.patch Patch16: shadow-4.1.5.1-crypt-null.patch Patch17: shadow-4.1.5.1-userdel-helpfix.patch +Patch18: shadow-4.1.5.1-date-parsing.patch +Patch19: shadow-4.1.5.1-ingroup.patch +Patch20: shadow-4.1.5.1-move-home.patch License: BSD and GPLv2+ Group: System Environment/Base @@ -69,6 +72,9 @@ are used for managing group accounts. %patch15 -p1 -b .manfix %patch16 -p1 -b .crypt-null %patch17 -p1 -b .userdel +%patch18 -p1 -b .date-parsing +%patch19 -p1 -b .ingroup +%patch20 -p1 -b .move-home iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO 
@@ -222,6 +228,16 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Sep 10 2014 Tomas Mraz - 2:4.1.5.1-15 +- discard obsolete matchpathcon cache after semanage_commit() + +* Fri Aug 29 2014 Tomas Mraz - 2:4.1.5.1-14 +- label the newly created home dir correctly (#1077809) +- mention that chage -d 0 forces password change (#1135010) +- improve date parsing and error detecting in chage +- avoid full group database scanning in newgrp in most common case +- report error if usermod asked for moving homedir and it does not exist + * Wed Feb 12 2014 Tomas Mraz - 2:4.1.5.1-13 - clean up login.defs manpage - properly document userdel -f behavior