Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2018-05-22 16:57:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Tue May 22 16:57:52 2018 rev:27 rq:609804 version:4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2018-02-28 19:55:38.839344797 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2018-05-22 16:57:55.489039806 +0200 @@ -1,0 +2,27 @@ +Mon May 14 12:45:42 UTC 2018 - mvet...@suse.com + +- Update to 4.6: + * Newgrp: avoid unnecessary lookups + * Make language less binary + * Add error when turning off man switch + * Spelling fixes + * Make userdel work with -R + * newgidmap: enforce setgroups=deny if self-mapping a group + * Norwegian bokmål translation + * pwck: prevent crash by not passing O_CREAT + * WITH_TCB fixes from Mandriva + * Fix pwconv and grpconv entry skips + * Fix -- slurping in su + * add --prefix option +- Remove CVE-2018-7169.patch: upstreamed +- Remove shadow-4.1.5.1-pam_group.patch: upstreamed +- Update userdel-script.patch: change due to prefix +- Update useradd-mkdirs.patch: change due to prefix + Additionally changed in that patch: + * Test for strdup() failure + * Directory to 0755 instead 0777 +- Add shadow-4.6.0-fix-usermod-prefix-crash.patch: + Fixes crash in usermod when called with --prefix. + See https://github.com/shadow-maint/shadow/issues/110 + +------------------------------------------------------------------- Old: ---- CVE-2018-7169.patch shadow-4.1.5.1-pam_group.patch shadow-4.5.tar.xz shadow-4.5.tar.xz.asc New: ---- shadow-4.6.0-fix-usermod-prefix-crash.patch shadow-4.6.tar.xz shadow-4.6.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.Z9j8NU/_old 2018-05-22 16:57:56.289010701 +0200 +++ /var/tmp/diff_new_pack.Z9j8NU/_new 2018-05-22 16:57:56.289010701 +0200 @@ -17,7 +17,7 @@ Name: shadow -Version: 4.5 +Version: 4.6 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0+ 
@@ -43,9 +43,8 @@ Patch7: shadow-4.1.5.1-logmsg.patch Patch10: encryption_method_nis.patch Patch11: useradd-mkdirs.patch -Patch18: shadow-4.1.5.1-pam_group.patch +Patch12: shadow-4.6.0-fix-usermod-prefix-crash.patch Patch20: disable_new_audit_function.patch -Patch21: CVE-2018-7169.patch BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -68,7 +67,7 @@ %prep %setup -q -a 1 %patch0 -%patch1 +%patch1 -p1 %patch2 %patch3 %patch4 @@ -76,11 +75,10 @@ %patch6 %patch7 %patch10 -%patch11 -%patch18 -p1 +%patch11 -p1 +%patch12 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 -%patch21 -p1 %endif iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 ++++++ shadow-4.6.0-fix-usermod-prefix-crash.patch ++++++ Bug: https://github.com/shadow-maint/shadow/issues/110 Containing following two fixes. >From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001 From: fariouche <fariou...@yahoo.fr> Date: Tue, 8 May 2018 21:17:46 -0500 Subject: [PATCH 1/2] Fix usermod crash Return newly allocated pointers when the caller will free them. Closes #110 --- libmisc/prefix_flag.c | 2 +- src/usermod.c | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c index 6581235e..8ceffd26 100644 --- a/libmisc/prefix_flag.c +++ b/libmisc/prefix_flag.c @@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname) && (gid == (gid_t)gid)) { return prefix_getgrgid ((gid_t) gid); } - return prefix_getgrnam (grname); + return __gr_dup(prefix_getgrnam (grname)); } else return getgr_nam_gid(grname); diff --git a/src/usermod.c b/src/usermod.c index e571426f..7355ad31 100644 --- a/src/usermod.c +++ b/src/usermod.c 
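Review bot: In prefix_getgr_nam_gid (libmisc/prefix_flag.c) only the name lookup is duplicated; the numeric-gid branch just above it still does `return prefix_getgrgid ((gid_t) gid);`, so the two paths return pointers with different ownership. The commit message says callers free the result. prefix_getgrgid is not shown here, so this is hedged: if it returns non-owned storage as prefix_getgrnam evidently does, a numeric group given with --prefix would lead the caller to free memory it does not own. The second prefix_flag.c hunk of patch 2/2 leaves that branch unchanged as well. Using the `g` local that patch 2/2 introduces, the branch could read `g = prefix_getgrgid ((gid_t) gid);` followed by `return g ? __gr_dup(g) : NULL;`.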
@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv) prefix_user_home = xmalloc(len); wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home); assert (wlen == (int) len -1); + if (user_newhome) { + len = strlen(prefix) + strlen(user_newhome) + 2; + prefix_user_newhome = xmalloc(len); + wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome); + assert (wlen == (int) len -1); + } - len = strlen(prefix) + strlen(user_newhome) + 2; - prefix_user_newhome = xmalloc(len); - wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome); - assert (wlen == (int) len -1); } else { prefix_user_home = user_home; >From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001 From: Serge Hallyn <shal...@cisco.com> Date: Tue, 8 May 2018 21:37:55 -0500 Subject: [PATCH 2/2] usermod: prevent a segv in the case where prefix does not exist. Signed-off-by: Serge Hallyn <shal...@cisco.com> --- libmisc/prefix_flag.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c index 8ceffd26..96b11faa 100644 --- a/libmisc/prefix_flag.c +++ b/libmisc/prefix_flag.c @@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname) { long long int gid; char *endptr; + struct group *g; if (NULL == grname) { return NULL; @@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname) && (gid == (gid_t)gid)) { return prefix_getgrgid ((gid_t) gid); } - return __gr_dup(prefix_getgrnam (grname)); + g = prefix_getgrnam (grname); + return g ? __gr_dup(g) : NULL; } else return getgr_nam_gid(grname); ++++++ shadow-4.5.tar.xz -> shadow-4.6.tar.xz ++++++ ++++ 39122 lines of diff (skipped) ++++++ useradd-mkdirs.patch ++++++ --- /var/tmp/diff_new_pack.Z9j8NU/_old 2018-05-22 16:57:57.320973155 +0200 +++ /var/tmp/diff_new_pack.Z9j8NU/_new 2018-05-22 16:57:57.324973010 +0200 
@@ -1,30 +1,37 @@ -Index: src/useradd.c -=================================================================== ---- src/useradd.c.orig -+++ src/useradd.c -@@ -1943,6 +1943,13 @@ static void usr_update (void) +https://github.com/shadow-maint/shadow/pull/112 + +useradd-mkdirs.patch adapted to two comments in https://github.com/shadow-maint/shadow/pull/2 +* check for stdup failure +* create dirs with 0755 instead of 0777 +diff -urEbwB shadow-4.6/src/useradd.c shadow-4.6.new-useradd-mkdirs/src/useradd.c +--- shadow-4.6/src/useradd.c 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6.new-useradd-mkdirs/src/useradd.c 2018-05-15 17:11:03.706371270 +0200 +@@ -2018,6 +2018,19 @@ static void create_home (void) { - if (access (user_home, F_OK) != 0) { -+ char path[strlen (user_home) + 2]; + if (access (prefix_user_home, F_OK) != 0) { ++ char path[strlen (prefix_user_home) + 2]; + char *bhome, *cp; + + path[0] = '\0'; -+ bhome = strdup (user_home); ++ bhome = strdup (prefix_user_home); ++ if (!bhome) { ++ fprintf (stderr, ++ _("%s: error while duplicating string %s\n"), ++ Prog, user_home); ++ fail_exit (E_HOMEDIR); ++ } + ++bhome; + #ifdef WITH_SELINUX - if (set_selinux_file_context (user_home) != 0) { + if (set_selinux_file_context (prefix_user_home) != 0) { fprintf (stderr, -@@ -1951,19 +1958,42 @@ static void create_home (void) +@@ -2026,11 +2039,20 @@ fail_exit (E_HOMEDIR); } #endif - /* XXX - create missing parent directories. --marekm */ -- if (mkdir (user_home, 0) != 0) { -- fprintf (stderr, -- _("%s: cannot create directory %s\n"), -- Prog, user_home); +- if (mkdir (prefix_user_home, 0) != 0) { + + /* Check for every part of the path, if the directory + exists. If not, create it with permissions 755 and 
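Review bot: In create_home, `++bhome;` advances the only pointer to the strdup() buffer, so the allocation can no longer be passed to free() and the code silently assumes prefix_user_home begins with '/'. Keeping the returned pointer intact and handing `bhome + 1` to the tokenizer would keep the buffer releasable after the loop. The new failure message also prints `user_home` although the string being duplicated is `prefix_user_home`, which will mislead when --prefix is in use; `Prog, prefix_user_home);` matches the call above it. The rest of the function, including the first strtok() call, lies outside this hunk.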
@@ -36,36 +43,31 @@ + strcat (path, cp); + if (access (path, F_OK) != 0) { + if (mkdir (path, 0) != 0) { -+ fprintf (stderr, -+ _("%s: cannot create directory %s\n"), + fprintf (stderr, + _("%s: cannot create directory %s\n"), +- Prog, prefix_user_home); + Prog, path); #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding home directory", -- user_name, (unsigned int) user_id, -- SHADOW_AUDIT_FAILURE); -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding home directory", -+ user_name, (unsigned int) user_id, -+ SHADOW_AUDIT_FAILURE); + audit_logger (AUDIT_ADD_USER, Prog, + "adding home directory", +@@ -2039,6 +2061,20 @@ #endif -- fail_exit (E_HOMEDIR); -+ fail_exit (E_HOMEDIR); -+ } + fail_exit (E_HOMEDIR); + } + if (chown (path, 0, 0) < 0) { + fprintf (stderr, + _("%s: warning: chown on `%s' failed: %m\n"), + Prog, path); + } -+ if (chmod (path, 0777) < 0) { ++ if (chmod (path, 0755) < 0) { + fprintf (stderr, + _("%s: warning: chmod on `%s' failed: %m\n"), + Prog, path); + } + } + cp = strtok (NULL, "/"); - } ++ } + - chown (user_home, user_id, user_gid); - chmod (user_home, + (void) chown (prefix_user_home, user_id, user_gid); + chmod (prefix_user_home, 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); ++++++ userdel-script.patch ++++++ --- /var/tmp/diff_new_pack.Z9j8NU/_old 2018-05-22 16:57:57.356971846 +0200 +++ /var/tmp/diff_new_pack.Z9j8NU/_new 2018-05-22 16:57:57.356971846 +0200 
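Review bot: Each missing path component is created with `mkdir (path, 0)` and only afterwards fixed up by name with `chown (path, 0, 0)` and `chmod (path, 0755)`, and a failure of either merely prints a warning. Since useradd runs privileged, a name-based chown/chmod will follow a symlink if the component is replaced inside a parent directory that other users can write to, and a failed chmod leaves a mode-0 directory in the home path while the run continues. Creating the directory with its final mode, `mkdir (path, 0755)` with the process umask taken into account, removes the need for the follow-up chmod. Handling a chown/chmod failure like the mkdir failure, with `fail_exit (E_HOMEDIR);`, avoids continuing on a half-prepared tree. The loop that drives this code starts outside the hunk.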
@@ -1,6 +1,16 @@ ---- src/userdel.c -+++ src/userdel.c -@@ -762,13 +762,13 @@ static void update_user (void) +diff -urEbwB shadow-4.6/src/userdel.c shadow-4.6.new/src/userdel.c +--- shadow-4.6/src/userdel.c 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6.new/src/userdel.c 2018-05-14 16:13:43.996280216 +0200 +@@ -125,7 +125,7 @@ + static void fail_exit (int); + static void open_files (void); + static void update_user (void); +-static void user_cancel (const char *); ++static void call_script (const char *, const char *); + + #ifdef EXTRA_CHECK_HOME_DIR + static bool path_prefix (const char *, const char *); +@@ -767,13 +767,13 @@ * cron, at, or print jobs. */ @@ -16,7 +26,7 @@ if (NULL == cmd) { return; } -@@ -1163,9 +1163,10 @@ int main (int argc, char **argv) +@@ -1213,9 +1213,10 @@ } /* @@ -25,20 +35,20 @@ + * Do the hard stuff - open the files, remove the user entries, + * remove the home directory, then close and update the files. */ -+ call_script ("USERDEL_PRECMD", user_name); ++ call_script ("USERDEL_PRECMD", user_name); open_files (); update_user (); update_groups (); -@@ -1268,7 +1269,7 @@ int main (int argc, char **argv) - * Cancel any crontabs or at jobs. Have to do this before we remove +@@ -1319,7 +1320,7 @@ * the entry from /etc/passwd. */ -- user_cancel (user_name); -+ call_script ("USERDEL_CMD", user_name); + if(prefix[0] == '\0') +- user_cancel (user_name); ++ call_script ("USERDEL_CMD", user_name); close_files (); #ifdef WITH_TCB -@@ -1278,6 +1279,8 @@ int main (int argc, char **argv) +@@ -1329,6 +1330,9 @@ nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); @@ -47,4 +57,4 @@ + return ((0 != errors) ? E_HOMEDIR : E_SUCCESS); } -- +
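Review bot: `call_script ("USERDEL_PRECMD", user_name);` in main is called unconditionally, while the later `call_script ("USERDEL_CMD", user_name);` now sits under `if(prefix[0] == '\0')`. With --prefix the account being removed lives in another tree, so the pre-delete script would run on the host for a user name that may belong to an unrelated host account. Guarding it the same way, `if (prefix[0] == '\0') call_script ("USERDEL_PRECMD", user_name);`, keeps the two calls consistent. This is inferred from the visible lines only; the USERDEL_POSTCMD call falls between the shown hunks and should be checked for the same guard.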