Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2022-08-26 09:08:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Fri Aug 26 09:08:03 2022 rev:48 rq:999092 version:4.12.3 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2022-01-16 23:18:03.778335176 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new.2083/shadow.changes 2022-08-26 09:08:04.957371783 +0200 @@ -1,0 +2,95 @@ +Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <[email protected]> + +- Update to 4.12.3: + Revert removal of subid_init, which should have bumped soname. + So note that 4.12 through 4.12.2 were broken for subid users. + +------------------------------------------------------------------- +Fri Aug 19 06:32:28 UTC 2022 - Michael Vetter <[email protected]> + +- Update to 4.12.2: + * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] +- Refresh useradd-userkeleton.patch: + LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 + Let's use fstatat() now. + +------------------------------------------------------------------- +Mon Aug 15 17:42:01 UTC 2022 - Michael Vetter <[email protected]> + +- Update to 4.12.1: + * Fix uk manpages +- Remove shadow-4.12-remove-uk.patch: fixed upstream + +------------------------------------------------------------------- +Fri Aug 12 06:05:35 UTC 2022 - Michael Vetter <[email protected]> + +- Update to 4.12: + * Add absolute path hint to --root + * Various cleanups + * Fix Ubuntu release used in CI tests + * add -F options to userad + * useradd manpage updates + * Check for ownerid (not just username) in subid ranges + * Declare file local functions static + * Use strict prototypes + * Do not drop const qualifier for Basename + * Constify various pointers + * Don't return uninitialized memory + * Don't let compiler optimize away memory cleaning + * Remove many obsolete compatibility checks and defines + * Modify ID range check in useradd + * Use "extern "C"" to make libsubid easier to use from C++ + * French translation updates + * Fix s/with-pam/with-libpam/ + * Spanish translation updates + * French translation fixes + * Default max group name length to 32 + * Fix PAM service files without-selinux + * Improve manpages + - groupadd, useradd, usermod + - groups and id + - pwck + * Add fedora to CI builds + * Fix condition under which pw_dir check happens + * logoutd: switch to strncat + * AUTHORS: improve markdown output + * Handle ERANGE errors correctly + * Check for fopen NULL return + * Split get_salt() into its own fn juyin) + * Get salt before chroot to ensure /dev/urandom. + * Chpasswd code cleanup + * Work around git safe.directory enforcement + * Alphabetize order in usermod help + * Erase password copy on error branches + * Suggest using --badname if needed + * Update translation files + * Correct badnames option to badname + * configure: replace obsolete autoconf macros + * tests: replace egrep with grep -E + * Update Ukrainian translations + * Cleanups + - Remove redeclared variable + - Remove commented out code and FIXMEs + - Add header guards + - Initialize local variables + * CI updates + - Create github workflow to install dependencies + - Enable CodeQL + - Update actions version + * libmisc: use /dev/urandom as fallback if other methods fail +- Add shadow-4.12-remove-uk.patch: + Disable non working Ukranian translation for now + https://github.com/shadow-maint/shadow/issues/547 + +------------------------------------------------------------------- +Tue Aug 9 06:29:07 UTC 2022 - Thorsten Kukuk <[email protected]> + +- Remove duplicate pam.d/useradd entry +- Provide /etc/login.defs.d on SLE15 since we support and use it + +------------------------------------------------------------------- +Mon Aug 8 13:00:46 UTC 2022 - Thorsten Kukuk <[email protected]> + +- Use %_pam_vendordir macro + +------------------------------------------------------------------- Old: ---- shadow-4.11.1.tar.xz shadow-4.11.1.tar.xz.asc New: ---- shadow-4.12.3.tar.xz shadow-4.12.3.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.nF137i/_old 2022-08-26 09:08:05.769372613 +0200 +++ /var/tmp/diff_new_pack.nF137i/_new 2022-08-26 09:08:05.773372617 +0200 @@ -22,20 +22,20 @@ %define no_config 1 %endif Name: shadow -Version: 4.11.1 +Version: 4.12.3 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later Group: System/Base URL: https://github.com/shadow-maint/shadow -Source: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz +Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source1: pamd.tar.bz2 Source3: useradd.local Source4: userdel-pre.local Source5: userdel-post.local Source6: shadow.service Source7: shadow.timer -Source42: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc +Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc Source43: %{name}.keyring # SOURCE-FEATURE-SUSE shadow-login_defs-check.sh [email protected] -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches. Source44: shadow-login_defs-check.sh @@ -231,9 +231,11 @@ # Move /etc to /usr/etc if [ ! -d %{buildroot}%{_distconfdir} ]; then mkdir -p %{buildroot}%{_distconfdir} - mv %{buildroot}%{_sysconfdir}/{login.defs,pam.d} %{buildroot}%{_distconfdir} - mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d + mkdir -p %{buildroot}%{_pam_vendordir} + mv %{buildroot}%{_sysconfdir}/login.defs %{buildroot}%{_distconfdir} + mv %{buildroot}%{_sysconfdir}/pam.d/* %{buildroot}%{_pam_vendordir}/ fi +mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d %find_lang shadow @@ -299,19 +301,18 @@ %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid %if %{defined no_config} -%{_distconfdir}/pam.d/chage -%{_distconfdir}/pam.d/chfn -%{_distconfdir}/pam.d/chsh -%{_distconfdir}/pam.d/passwd -%{_distconfdir}/pam.d/useradd -%{_distconfdir}/pam.d/chpasswd -%{_distconfdir}/pam.d/groupadd -%{_distconfdir}/pam.d/groupdel -%{_distconfdir}/pam.d/groupmod -%{_distconfdir}/pam.d/newusers -%{_distconfdir}/pam.d/useradd -%{_distconfdir}/pam.d/userdel -%{_distconfdir}/pam.d/usermod +%{_pam_vendordir}/chage +%{_pam_vendordir}/chfn +%{_pam_vendordir}/chsh +%{_pam_vendordir}/passwd +%{_pam_vendordir}/chpasswd +%{_pam_vendordir}/groupadd +%{_pam_vendordir}/groupdel +%{_pam_vendordir}/groupmod +%{_pam_vendordir}/newusers +%{_pam_vendordir}/useradd +%{_pam_vendordir}/userdel +%{_pam_vendordir}/usermod %else %config %{_sysconfdir}/pam.d/chage %config %{_sysconfdir}/pam.d/chfn @@ -389,8 +390,8 @@ %{_unitdir}/* %files -n login_defs -%if %{defined no_config} %dir %{_sysconfdir}/login.defs.d +%if %{defined no_config} %attr(0644,root,root) %{_distconfdir}/login.defs %else %attr(0644,root,root) %config %{_sysconfdir}/login.defs ++++++ shadow-4.11.1.tar.xz -> shadow-4.12.3.tar.xz ++++++ ++++ 186528 lines of diff (skipped) ++++++ useradd-userkeleton.patch ++++++ --- /var/tmp/diff_new_pack.nF137i/_old 2022-08-26 09:08:06.697373562 +0200 +++ /var/tmp/diff_new_pack.nF137i/_new 2022-08-26 09:08:06.701373565 +0200 @@ -27,7 +27,7 @@ static const char *def_create_mail_spool = "yes"; static const char *def_log_init = "yes"; -@@ -185,6 +189,7 @@ static bool home_added = false; +@@ -188,6 +192,7 @@ static bool home_added = false; #define DINACT "INACTIVE=" #define DEXPIRE "EXPIRE=" #define DSKEL "SKEL=" @@ -35,7 +35,7 @@ #define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL=" #define DLOG_INIT "LOG_INIT=" -@@ -458,6 +463,29 @@ static void get_defaults (void) +@@ -461,6 +466,29 @@ static void get_defaults (void) } /* @@ -45,7 +45,7 @@ + if ('\0' == *cp) { + cp = USRSKELDIR; /* XXX warning: const */ + } -+ ++ + if(prefix[0]) { + size_t len; + int wlen; @@ -65,7 +65,7 @@ * Create by default user mail spool or not ? */ else if (MATCH (buf, DCREATE_MAIL_SPOOL)) { -@@ -499,6 +527,7 @@ static void show_defaults (void) +@@ -502,6 +530,7 @@ static void show_defaults (void) printf ("EXPIRE=%s\n", def_expire); printf ("SHELL=%s\n", def_shell); printf ("SKEL=%s\n", def_template); @@ -73,7 +73,7 @@ printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool); printf ("LOG_INIT=%s\n", def_log_init); } -@@ -527,6 +556,7 @@ static int set_defaults (void) +@@ -530,6 +559,7 @@ static int set_defaults (void) bool out_expire = false; bool out_shell = false; bool out_skel = false; @@ -81,7 +81,7 @@ bool out_create_mail_spool = false; bool out_log_init = false; size_t len; -@@ -640,6 +670,9 @@ static int set_defaults (void) +@@ -643,6 +673,9 @@ static int set_defaults (void) } else if (!out_skel && MATCH (buf, DSKEL)) { fprintf (ofp, DSKEL "%s\n", def_template); out_skel = true; @@ -91,7 +91,7 @@ } else if (!out_create_mail_spool && MATCH (buf, DCREATE_MAIL_SPOOL)) { fprintf (ofp, -@@ -675,6 +708,8 @@ static int set_defaults (void) +@@ -678,6 +711,8 @@ static int set_defaults (void) fprintf (ofp, DSHELL "%s\n", def_shell); if (!out_skel) fprintf (ofp, DSKEL "%s\n", def_template); @@ -100,7 +100,7 @@ if (!out_create_mail_spool) fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool); -@@ -2739,6 +2774,8 @@ int main (int argc, char **argv) +@@ -2756,6 +2791,8 @@ int main (int argc, char **argv) if (home_added) { copy_tree (def_template, prefix_user_home, false, true, (uid_t)-1, user_id, (gid_t)-1, user_gid); @@ -113,22 +113,22 @@ =================================================================== --- libmisc/copydir.c.orig +++ libmisc/copydir.c -@@ -395,6 +395,14 @@ static int copy_entry (const char *src, - old_uid, new_uid, old_gid, new_gid); +@@ -453,6 +453,14 @@ static int copy_entry (const struct path } -+ /* + /* + * If the destination already exists do nothing. + * This is after the copy_dir above to still iterate into subdirectories. + */ -+ if (LSTAT (dst, &sb) != -1) { ++ if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { + return 0; + } + - #ifdef S_IFLNK - /* ++ /* * Copy any symbolic links -@@ -456,6 +464,7 @@ static int copy_dir (const char *src, co + */ + +@@ -511,6 +519,7 @@ static int copy_dir (const struct path_i gid_t old_gid, gid_t new_gid) { int err = 0; @@ -136,21 +136,21 @@ /* * Create a new target directory, make it owned by -@@ -467,6 +476,16 @@ static int copy_dir (const char *src, co +@@ -522,6 +531,16 @@ static int copy_dir (const struct path_i return -1; } #endif /* WITH_SELINUX */ + -+ /* -+ * If the destination is already a directory, don't change it -+ * but copy into it (recursively). -+ */ -+ if (LSTAT (dst, &dst_sb) == 0 && S_ISDIR(dst_sb.st_mode)) { -+ return (copy_tree (src, dst, false, reset_selinux, -+ old_uid, new_uid, old_gid, new_gid) != 0); -+ } ++ /* ++ * If the destination is already a directory, don't change it ++ * but copy into it (recursively). ++ */ ++ if (fstatat(dst->dirfd, dst->name, &dst_sb, AT_SYMLINK_NOFOLLOW) == 0 && S_ISDIR(dst_sb.st_mode)) { ++ return (copy_tree (src, dst, false, reset_selinux, ++ old_uid, new_uid, old_gid, new_gid) != 0); ++ } + - if ( (mkdir (dst, statp->st_mode) != 0) - || (chown_if_needed (dst, statp, + if ( (mkdirat (dst->dirfd, dst->name, statp->st_mode) != 0) + || (chownat_if_needed (dst, statp, old_uid, new_uid, old_gid, new_gid) != 0)
