up to 4.5

https://github.com/shadow-maint/shadow/releases/tag/4.5

Changelog since 4.4:

    * Patch from Tobias Stoeckmann fixing regression in previous CVE fix
      preventing SIGTERM to su from being propagated to the job.
    * Patch from Chris Lamb making sp_lstchg shadow field reproducible.
    * Merge Russian translation updates from Yuri Kozlov
    * Fix missing close of subuid file on error
    * Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
      the equivalent of util-linux CVE-2017-2616.
    * Update Kazakh translations
    * Consult configuration before calculating subuids
    * Remove misplaced semicolon
    * Patch from Fedora to improve performance with SSSD, Winbind,
      or nss_ldap. (Tomas Mraz)
    * Make sure knowndef_table is NULL-terminated.  (Bernhard Rosenkränzer)
    * Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
    * Fix readability in usermod error messages.
    * Reset user in tallylog
    * Add audit support to su
    * Use sizeof rather than hardcoding snprintf args
    * Fix useradd improper default loading
    * Update Vietnamese translations
    * Update Polish translations
    * Remove non-POSIX chmod option in Makefile
    * Fix suidubins assignments
    * Fix --add-subuids etc spelling in manpages
    * Audit homedir ownership change.
    * Print error on selinux file context update failure
    * Keep original file perms when creating a backup

diff --git a/shadow-pld.patch b/shadow-pld.patch
index 0f0837b783280f28c3cbded81b623efd859600da..69836c2f6a29faacbee26300b16257d34f19d911 100644 (file)
--- a/shadow-pld.patch
+++ b/shadow-pld.patch
@@ -23,25 +23,29 @@
  static uid_t user_id;
  static gid_t user_gid;
  static const char *user_comment = "";
---- shadow-4.1.5.1/libmisc/find_new_gid.c~     2011-07-29 17:38:23.000000000 +0200
-+++ shadow-4.1.5.1/libmisc/find_new_gid.c      2012-12-14 14:03:45.355638812 +0100
-@@ -68,7 +68,7 @@
-                       return -1;
-               }
-       } else {
--              gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
-+              gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
-               gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
-               gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
-               if (gid_max < gid_min) {
---- shadow-4.1.5.1/libmisc/find_new_uid.c~     2011-07-29 17:39:16.000000000 +0200
-+++ shadow-4.1.5.1/libmisc/find_new_uid.c      2012-12-14 14:03:29.645639367 +0100
-@@ -68,7 +68,7 @@
-                       return -1;
-               }
-       } else {
--              uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
-+              uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
-               uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
-               uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
-               if (uid_max < uid_min) {
+--- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_gid.c  2017-05-17 23:13:32.785253060 +0300
+@@ -61,8 +61,8 @@
+               /* A requested ID is allowed to be below the autoselect range */
+               *preferred_min = (gid_t) 1;
+ 
+-              /* Get the minimum ID range from login.defs or default to 101 */
+-              *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++              /* Get the minimum ID range from login.defs or default to 10 */
++              *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
+ 
+               /*
+                * If SYS_GID_MAX is unspecified, we should assume it to be one
+--- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_uid.c  2017-05-17 23:10:38.366687971 +0300
+@@ -61,8 +61,8 @@
+               /* A requested ID is allowed to be below the autoselect range */
+               *preferred_min = (uid_t) 1;
+ 
+-              /* Get the minimum ID range from login.defs or default to 101 */
+-              *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
++              /* Get the minimum ID range from login.defs or default to 1 */
++              *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+ 
+               /*
+                * If SYS_UID_MAX is unspecified, we should assume it to be one

diff --git a/shadow.spec b/shadow.spec
index 99201fef9627405f9ede481d429eece2b6b6780a..dc6b4c2ffb2f4fac7e1b445483dd5ff661af31c5 100644 (file)
--- a/shadow.spec
+++ b/shadow.spec
@@ -33,15 +33,15 @@ Summary(pl.UTF-8):  Narzędzia do obsługi mechanizmu ukrytych haseł
 Summary(pt_BR.UTF-8):  Utilitários para o arquivo de senhas Shadow
 Summary(tr.UTF-8):     Gölge parola dosyası araçları
 Name:          shadow
-Version:       4.4
+Version:       4.5
 #BuildRequires:        useradd -g is broken, use pwdutils, or fix it:
 # http://zie.pg.gda.pl/mailman/pipermail/shadow/2006-September/000395.html
 Release:       0.1
 Epoch:         1
 License:       BSD
 Group:         Applications/System
-Source0:       https://github.com/shadow-maint/shadow/releases/download/%{version}/%{name}-%{version}.tar.gz
-# Source0-md5: 014062a24c2ba450f85d7bd1147a8528
+Source0:       https://github.com/shadow-maint/shadow/releases/download/%{version}/%{name}-%{version}.tar.xz
+# Source0-md5: c350da50c2120de6bb29177699d89fe3
 Source2:       %{name}-login.defs
 Source3:       %{name}.useradd
 Source10:      chage.pamd
@@ -61,7 +61,6 @@ Source23:     usermod.pamd
 Patch0:                %{name}-pld.patch
 # allow names with upper case letters or containing dot in the middle
 Patch1:                %{name}-goodname.patch
-Patch2:                su.patch
 URL:           https://github.com/shadow-maint/shadow
 BuildRequires: acl-devel
 BuildRequires: attr-devel
@@ -146,10 +145,10 @@ utilitários e senhas shadow em geral.
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 
 %build
 %configure \
+       --disable-silent-rules \
        --bindir=/bin \
        --sbindir=/sbin \
        %{?with_shared:--enable-shared --disable-static} \

diff --git a/su.patch b/su.patch
deleted file mode 100644 (file)
index 832d411..0000000
--- a/su.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-
-https://github.com/shadow-maint/shadow/issues/32
-
-From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge@hallyn.com>
-Date: Sun, 18 Sep 2016 21:31:18 -0500
-Subject: [PATCH] su.c: fix missing length argument to snprintf
-
----
- src/su.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index 0c50a94..93ffd2f 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
-                             stderr);
-               (void) kill (-pid_child, caught);
- 
--              snprintf (kill_msg, _(" ...killed.\n"));
--              snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
-+              snprintf (kill_msg, 256, _(" ...killed.\n"));
-+              snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
- 
-               (void) signal (SIGALRM, kill_child);
-               (void) alarm (2);
-From 924cc346475dea7dc394316cd7c3d5d0414e538e Mon Sep 17 00:00:00 2001
-From: Adam Sampson <ats@offog.org>
-Date: Thu, 15 Sep 2016 16:54:42 +0100
-Subject: [PATCH] Use sizeof rather than hardcoding snprintf's size argument.
-
----
- src/su.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index 93ffd2f..d605af8 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
-                             stderr);
-               (void) kill (-pid_child, caught);
- 
--              snprintf (kill_msg, 256, _(" ...killed.\n"));
--              snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
-+              snprintf (kill_msg, sizeof kill_msg, _(" ...killed.\n"));
-+              snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
- 
-               (void) signal (SIGALRM, kill_child);
-               (void) alarm (2);