Your message dated Thu, 02 Apr 2026 18:23:34 +0000
with message-id <[email protected]>
and subject line Bug#1132509: fixed in shadow 1:4.19.3-2
has caused the Debian Bug report #1132509,
regarding uidmap: getsubids look up /etc/subgid by gid instead of uid when
using numerical values
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1132509: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132509
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: uidmap
Version: 1:4.18.0-2
Severity: important
Tags: patch
X-Debbugs-Cc: [email protected], [email protected],
[email protected]
Control: affects -1 sbuild
Hi,
Since version 0.91.6, sbuild started to use getsubids to parse
/etc/subgid [1]. The format of this file is supposed to be [2]:
login name or UID : numerical subordinate group ID : numerical subordinate
group ID count
Unfortunately getsubids parses it as login name or *GID*. This breaks
when this file contains UID and when UID != GID:
$ id buildd
uid=2952(buildd) gid=1009(buildd) groupes=1009(buildd),115(sbuild)
$ grep 2952 /etc/subgid
2952:193462272:65536
$ getsubids -g buildd
Error fetching ranges
Fortunately it seems that newgidmap parses the file correctly, so this
is not a security issue.
The following untested patch should fix the issue (which means that
get_owner_id() can be simplified as this is the only caller:
--- shadow-4.19.3.orig/lib/subordinateio.c
+++ shadow-4.19.3/lib/subordinateio.c
@@ -908,7 +908,7 @@ int list_owner_ranges(const char *owner,
return -1;
}
- have_owner_id = get_owner_id(owner, id_type, id);
+ have_owner_id = get_owner_id(owner, ID_TYPE_UID, id);
commonio_rewind(db);
while (NULL != (range = commonio_next(db))) {
Regards
Aurelien
[1]
https://salsa.debian.org/debian/sbuild/-/commit/590c06cd5a76b6758606cc30fea075816edda468
[2] https://manpages.debian.org/unstable/passwd/subgid.5.en.html
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.19.3-2
Done: Chris Hofstaedtler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 02 Apr 2026 19:44:38 +0200
Source: shadow
Architecture: source
Version: 1:4.19.3-2
Distribution: unstable
Urgency: medium
Maintainer: Shadow package maintainers
<[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1132509
Changes:
shadow (1:4.19.3-2) unstable; urgency=medium
.
* Fix getsubids parsing of /etc/subgid.
Thanks to Aurelien Jarno (Closes: #1132509)
Checksums-Sha1:
bda409e9faaf229d0cb281e5eeeb137cdb25accf 2871 shadow_4.19.3-2.dsc
17118fd0adbf2c582efb14ba75fae6f402f9f291 174200 shadow_4.19.3-2.debian.tar.xz
40c9232ba743a12ab1d62998ae943f6e3da8ac4b 9362 shadow_4.19.3-2_arm64.buildinfo
Checksums-Sha256:
bd435c4c270c2392a5cacc44b090aa300f8d66ef426d079b4950367bbc6681dc 2871
shadow_4.19.3-2.dsc
1168455eea66aafb572bb0356c3bf547670ebb2ed411fd1c02eaabc3979ff399 174200
shadow_4.19.3-2.debian.tar.xz
78db1605e43d146f8b0839dc11c7be4da1974d0d69c4fd20895625f377683160 9362
shadow_4.19.3-2_arm64.buildinfo
Files:
2ff6c6f5533df0a9e412fcdef81768b8 2871 admin required shadow_4.19.3-2.dsc
91c031ce7a17e73a6ca37cfc533a6438 174200 admin required
shadow_4.19.3-2.debian.tar.xz
9e2112648246d5879e350c4bc52f87ca 9362 admin required
shadow_4.19.3-2_arm64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmnOrRYACgkQXBPW25MF
LgNXIQ/+MF/k6wNJNYGICxQ8aK7P2YRzpgXdkpVQb3UduGSqcjTaNqbjKKJcwzBj
MDfORgwA62TgE8rEhw39VKdJjD9Dze8Tw/AWVzuGoLonrT11nxzIiwmaKGXPs+PB
keIZSze5VcIMbmI04etr7tXQrr2aK+TB/3c94gEBQkbFa6BNIxoaGjJwXnFvhajz
awZq08mf7Q4ucsILXJSYVtOrpGbbzIvXPRUn+lnRbc81Xmg737P/rqdeoUBg+Ury
9BESPgLQMfhlm/eJ5NRzo6ybGiWjHXzlCQe8LtXp8SEEND0aaCNyNI1yDVP0zV5n
XYhTmZhjfDQPH/+GtxiELy/JfPKZZAYVZBwdxb8xn09os9k1jdlJK+Q20ivRmUsj
cke5tX5eNtfpBOfKqW1hrm5rBuWyjVtlctlFX8VsYwwmscv5Cs/LvZMeITNciv4w
SibKbbSTXCt7PJPBtehYGonLte1Xl2+gkshqIBBwQiXLkfZUf1zRG0Dqa8Ym+3sB
zVGoYQ79zkzWVioSovjdA8MRdHHds1G8xdc/RQXFaO0I+xvxBjC6pnAlWUGVbaSG
axg+CwgWhN7TGIfIAgGBjT5rWt5Xz8qzOoPb8Li1UZ72+IX45W7uNfGLqNmbj+BY
658A+gpoej2qgxPmjjzVxNeGgXkZPAViubCze+J/r9zG75aj5bo=
=fhe1
-----END PGP SIGNATURE-----
pgpUW06rbT4qC.pgp
Description: PGP signature
--- End Message ---
_______________________________________________
Pkg-shadow-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
