From 32b05a621cb20af1bd4b7cd6f5609b7512bb20f1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Feb 2012 03:34:34 +0000 Subject: Wed Feb 29 03:34:34 UTC 2012 --- core/shadow/PKGBUILD | 21 ++++++++-- core/shadow/userdel-avoid-bad-mem-access.patch | 57 ++++++++++++++++++++++++++ core/shadow/write-utmp-wtmp-entries.patch | 47 +++++++++++++++++++++ 3 files changed, 121 insertions(+), 4 deletions(-) create mode 100644 core/shadow/userdel-avoid-bad-mem-access.patch create mode 100644 core/shadow/write-utmp-wtmp-entries.patch (limited to 'core/shadow') diff --git a/core/shadow/PKGBUILD b/core/shadow/PKGBUILD index ed42c0916..1c833bd06 100644 --- a/core/shadow/PKGBUILD +++ b/core/shadow/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 150333 2012-02-16 23:20:09Z dreisner $ +# $Id: PKGBUILD 151546 2012-02-27 16:22:05Z dreisner $ # Maintainer: Dave Reisner # Maintainer: Aaron Griffin pkgname=shadow pkgver=4.1.5 -pkgrel=3 +pkgrel=4 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('i686' 'x86_64') url='http://pkg-shadow.alioth.debian.org/' @@ -33,7 +33,9 @@ source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{ nscd-error-reporting.patch xstrdup.patch shadow-strncpy-usage.patch - shadow-add-missing-include.patch) + shadow-add-missing-include.patch + userdel-avoid-bad-mem-access.patch + write-utmp-wtmp-entries.patch) sha1sums=('3ab1ae0e30af36d04445314fcb5a079bdf05de41' '0a31aafceb948a91fe7370a6378cafd6fd883145' '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' @@ -50,7 +52,9 @@ sha1sums=('3ab1ae0e30af36d04445314fcb5a079bdf05de41' 'ae6eebb842c433ac4022c493294a13ed68e06acc' '6010fffeed1fc6673ad9875492e1193b1a847b53' '21e12966a6befb25ec123b403cd9b5c492fe5b16' - '0697a21f7519de30821da7772677035652df4ad2') + '0697a21f7519de30821da7772677035652df4ad2' + 'e1dd93d82c6eba76b5f17a9fefad4bbc513cff5b' + 'bcef8558c9123b396d2d4df26c815a951f97a91a') build() { cd "$pkgname-$pkgver" @@ -61,11 +65,20 @@ build() { # link to glibc's crypt(3) LDFLAGS+=" -lcrypt" + # need to offer these upstream patch -Np1 <"$srcdir/xstrdup.patch" patch -Np1 <"$srcdir/shadow-strncpy-usage.patch" + + # backports queued for 4.1.5.1 patch -Np1 <"$srcdir/shadow-add-missing-include.patch" patch -Np1 <"$srcdir/nscd-error-reporting.patch" + # sent to ML + patch -Np0 <"$srcdir/userdel-avoid-bad-mem-access.patch" + + # revert to fix FS#28543 + patch -RNp1 <"$srcdir/write-utmp-wtmp-entries.patch" + # supress etc/pam.d/*, we provide our own sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in diff --git a/core/shadow/userdel-avoid-bad-mem-access.patch b/core/shadow/userdel-avoid-bad-mem-access.patch new file mode 100644 index 000000000..1d36562b2 --- /dev/null +++ b/core/shadow/userdel-avoid-bad-mem-access.patch @@ -0,0 +1,57 @@ +Index: src/userdel.c +=================================================================== +--- src/userdel.c (revision 3713) ++++ src/userdel.c (working copy) +@@ -329,26 +329,33 @@ + } + + if (NULL == pwd) { ++ char gr_name[GROUP_NAME_MAX_LENGTH + 1]; ++ ++ /* make a copy of the group name before we delete it. ++ * we can't use ->gr_name after the group is deleted ++ * for logging purposes */ ++ snprintf(gr_name, GROUP_NAME_MAX_LENGTH, "%s", grp->gr_name); ++ + /* + * We can remove this group, it is not the primary + * group of any remaining user. + */ +- if (gr_remove (grp->gr_name) == 0) { ++ if (gr_remove (gr_name) == 0) { + fprintf (stderr, + _("%s: cannot remove entry '%s' from %s\n"), +- Prog, grp->gr_name, gr_dbname ()); ++ Prog, gr_name, gr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + + #ifdef WITH_AUDIT + audit_logger (AUDIT_DEL_GROUP, Prog, + "deleting group", +- grp->gr_name, AUDIT_NO_ID, ++ gr_name, AUDIT_NO_ID, + SHADOW_AUDIT_SUCCESS); + #endif /* WITH_AUDIT */ + SYSLOG ((LOG_INFO, + "removed group '%s' owned by '%s'\n", +- grp->gr_name, user_name)); ++ gr_name, user_name)); + + #ifdef SHADOWGRP + if (sgr_locate (user_name) != NULL) { +@@ -361,12 +368,12 @@ + #ifdef WITH_AUDIT + audit_logger (AUDIT_DEL_GROUP, Prog, + "deleting shadow group", +- grp->gr_name, AUDIT_NO_ID, ++ gr_name, AUDIT_NO_ID, + SHADOW_AUDIT_SUCCESS); + #endif /* WITH_AUDIT */ + SYSLOG ((LOG_INFO, + "removed shadow group '%s' owned by '%s'\n", +- grp->gr_name, user_name)); ++ gr_name, user_name)); + + } + #endif /* SHADOWGRP */ diff --git a/core/shadow/write-utmp-wtmp-entries.patch b/core/shadow/write-utmp-wtmp-entries.patch new file mode 100644 index 000000000..b4272ca61 --- /dev/null +++ b/core/shadow/write-utmp-wtmp-entries.patch @@ -0,0 +1,47 @@ +Index: upstream/trunk/src/login.c +=================================================================== +--- a/src/login.c (revision 3437) ++++ b/src/login.c (revision 3438) +@@ -126,10 +126,12 @@ + static void setup_tty (void); + static void process_flags (int argc, char *const *argv); + static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user); ++#ifndef USE_PAM + static void update_utmp (const char *user, + const char *tty, + const char *host, + /*@null@*/const struct utmp *utent); ++#endif /* ! USE_PAM */ + + #ifndef USE_PAM + static struct faillog faillog; +@@ -471,6 +473,7 @@ + return failent_user; + } + ++#ifndef USE_PAM + /* + * update_utmp - Update or create an utmp entry in utmp, wtmp, utmpw, and + * wtmpx +@@ -496,6 +499,7 @@ + free (utx); + #endif /* USE_UTMPX */ + } ++#endif /* ! USE_PAM */ + + /* + * login - create a new login session for a user +@@ -1208,11 +1212,13 @@ + } + } + ++#ifndef USE_PAM + /* + * The utmp entry needs to be updated to indicate the new status + * of the session, the new PID and SID. + */ + update_utmp (username, tty, hostname, utent); ++#endif /* ! USE_PAM */ + + /* The pwd and spwd entries for the user have been copied. + * -- cgit v1.2.3-54-g00ecf