From cd964eccb5adcb4ad7c622b6cf06842bccac9f3c Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Tue, 18 Oct 2011 21:58:33 +0000 Subject: [PATCH] - debian/patches/402_cppw_selinux: Avoid implicit conversion between integer and boolean. - debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename create_backup_file to create_copy. The lock functions do not ser errno. Do not report the error string on cppwexit. --- debian/changelog | 9 +++++-- debian/patches/401_cppw_src.dpatch | 42 ++++++++++++++++-------------- debian/patches/402_cppw_selinux | 10 +++---- 3 files changed, 34 insertions(+), 27 deletions(-) diff --git a/debian/changelog b/debian/changelog index bc0759e2..6d7535b1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -shadow (1:4.1.5-1) UNRELEASED; urgency=low +shadow (1:4.1.5-1) unstable; urgency=low * The "Charolais" release. @@ -45,6 +45,11 @@ shadow (1:4.1.5-1) UNRELEASED; urgency=low - debian/patches/008_su_get_PAM_username: Removed, feature supported upstream. - debian/patches/300_CVE-2011-0721: Removed, applied upstream. + - debian/patches/402_cppw_selinux: Avoid implicit conversion between + integer and boolean. + - debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename + create_backup_file to create_copy. The lock functions do not ser errno. + Do not report the error string on cppwexit. - Upstream translation updates from Debian BTS: + Brazilian Portuguese. Closes: #622834 + Catalan. Closes: #627526 @@ -74,7 +79,7 @@ shadow (1:4.1.5-1) UNRELEASED; urgency=low * Use "linux-any" instead of a negated list of architectures in Build-Depends. Closes: #634465 - -- Nicolas FRANCOIS (Nekral) Fri, 29 Jul 2011 15:29:02 +0200 + -- Nicolas FRANCOIS (Nekral) Tue, 18 Oct 2011 22:43:04 +0200 shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/401_cppw_src.dpatch index 5413472d..0816535c 100755 --- a/debian/patches/401_cppw_src.dpatch 
+++ b/debian/patches/401_cppw_src.dpatch @@ -7,7 +7,7 @@ @DPATCH@ --- /dev/null +++ b/src/cppw.c -@@ -0,0 +1,199 @@ +@@ -0,0 +1,201 @@ +/* + cppw, cpgr copy with locking given file over the password or group file + with -s will copy with locking given file over shadow or gshadow file @@ -51,18 +51,20 @@ +#include "sgroupio.h" + + -+static const char *progname, *filename, *filenewname; ++const char *Prog; ++ ++const char *filename, *filenewname; +static int filelocked = 0; +static int (*unlock)(); + +/* local function prototypes */ -+static int create_backup_file (FILE *, const char *, struct stat *); ++static int create_copy (FILE *, const char *, struct stat *); +static void cppwexit (const char *, int, int); +static void cppwcopy (const char *, const char *, int (*) (void), int (*) (void)); +int main (int, char **); + +static int -+create_backup_file(FILE *fp, const char *backup, struct stat *sb) ++create_copy (FILE *fp, const char *dest, struct stat *sb) +{ + struct utimbuf ub; + FILE *bkfp; @@ -70,7 +72,7 @@ + mode_t mask; + + mask = umask(077); -+ bkfp = fopen(backup, "w"); ++ bkfp = fopen(dest, "w"); + umask(mask); + if (!bkfp) return -1; + @@ -81,21 +83,21 @@ + + if (c != EOF || fflush(bkfp)) { + fclose(bkfp); -+ unlink(backup); ++ unlink(dest); + return -1; + } + if ( (fsync (fileno (bkfp)) != 0) + || (fclose(bkfp) != 0)) { -+ unlink(backup); ++ unlink(dest); + return -1; + } + + ub.actime = sb->st_atime; + ub.modtime = sb->st_mtime; -+ if (utime(backup, &ub) || -+ chmod(backup, sb->st_mode) || -+ chown(backup, sb->st_uid, sb->st_gid)) { -+ unlink(backup); ++ if (utime(dest, &ub) || ++ chmod(dest, sb->st_mode) || ++ chown(dest, sb->st_uid, sb->st_gid)) { ++ unlink(dest); + return -1; + } + return 0; 
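Review bot: In the `@@ -51,18 +51,20 @@` hunk, `filename` and `filenewname` lose their `static` qualifier together with the renamed `Prog`, which gives two very generic names external linkage. Only `Prog` looks like it has to be visible outside cppw.c (presumably shared library code refers to it; that use is not shown here), so the declaration could stay `static const char *filename, *filenewname;`. The neighbouring `static int (*unlock)();` would also read better with a full prototype, `static int (*unlock) (void);`, matching the `int (*) (void)` parameters of cppwcopy.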
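Review bot: create_copy, which spans the `@@ -70,7 +72,7 @@` and `@@ -81,21 +83,21 @@` hunks, sets the timestamps, mode and ownership of the new file by name (`utime(dest, ...)`, `chmod(dest, ...)`, `chown(dest, ...)`) after the stream is already closed, and opens it with `fopen(dest, "w")`, which follows an existing symlink and truncates whatever is there. That is only safe while the target directory is writable by the caller alone. Setting the attributes on the open descriptor before `fclose` ties them to the file that was actually written: `fchown(fileno(bkfp), sb->st_uid, sb->st_gid)` followed by `fchmod(fileno(bkfp), sb->st_mode)`. The cleanup `fclose`/`unlink(dest)` calls also run before the caller reads `errno`, so saving it first (`int err = errno;` ... `errno = err;`) would keep the reported cause accurate.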
@@ -106,9 +108,9 @@ +{ + int err = errno; + if (filelocked) (*unlock)(); -+ if (msg) fprintf(stderr, "%s: %s", progname, msg); ++ if (msg) fprintf(stderr, "%s: %s", Prog, msg); + if (syserr) fprintf(stderr, ": %s", strerror(err)); -+ fprintf(stderr, "\n%s: %s is unchanged\n", progname, filename); ++ fprintf(stderr, "\n%s: %s is unchanged\n", Prog, filename); + exit(ret); +} + @@ -125,14 +127,14 @@ + filenewname = filenew; + + if (access(file, F_OK)) cppwexit(file, 1, 1); -+ if (!file_lock()) cppwexit("Couldn't lock file", errno, 5); ++ if (!file_lock()) cppwexit("Couldn't lock file", 0, 5); + filelocked = 1; + + /* file to copy has same owners, perm */ + if (stat(file, &st1)) cppwexit(file, 1, 1); -+ if (!(f = fopen(in_file, "r"))) cppwexit(file, 1, 1); -+ if (create_backup_file(f, filenew, &st1)) -+ cppwexit("Couldn't make backup", errno, 1); ++ if (!(f = fopen(in_file, "r"))) cppwexit(in_file, 1, 1); ++ if (create_copy(f, filenew, &st1)) ++ cppwexit("Couldn't make copy", errno, 1); + + /* XXX - here we should check filenew for errors; if there are any, + fail w/ an appropriate error code and let the user manually fix @@ -141,7 +143,7 @@ + + if (rename(filenew, file) == -1) { + fprintf(stderr, "%s: can't copy %s: %s)\n", -+ progname, filenew, strerror(errno)); ++ Prog, filenew, strerror(errno)); + cppwexit(0,0,1); + } + @@ -159,8 +161,8 @@ + int e = 1; + int do_cppw; + -+ progname = ((c = strrchr(*argv, '/')) ? c+1 : *argv); -+ do_cppw = (strcmp(progname, "cpgr") != 0); ++ Prog = ((c = strrchr(*argv, '/')) ? c+1 : *argv); ++ do_cppw = (strcmp(Prog, "cpgr") != 0); + + while ((flag = getopt(argc, argv, "ghps")) != EOF) { + switch (flag) { diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux index 5beb3a9e..77d0096e 100644 --- a/debian/patches/402_cppw_selinux +++ b/debian/patches/402_cppw_selinux 
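Review bot: In the `@@ -125,14 +127,14 @@` hunk, `cppwexit("Couldn't make copy", errno, 1)` still passes `errno` where cppwexit expects a yes/no `syserr` flag (it only tests `if (syserr)` in the `@@ -106,9 +108,9 @@` hunk), the same int-as-boolean pattern this commit removes from the lock call. If `errno` happens to be 0 at that point the cause is dropped; `cppwexit("Couldn't make copy", 1, 1);` states the intent. The XXX comment kept in this hunk also still applies: the copied file is renamed over the password or shadow file without any validation, so a malformed input file is installed as-is, which is worth documenting for users until a check exists. cppwcopy begins and ends outside the hunk.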
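Review bot: The message in the `@@ -141,7 +143,7 @@` hunk, `"%s: can't copy %s: %s)\n"`, has a closing parenthesis with no opening one; `"%s: can't copy %s: %s\n"` is probably what was meant. The following `cppwexit(0,0,1)` does not remove `filenew` as far as the cppwexit body in this patch shows, so a failed rename seems to leave the copy on disk; an `unlink(filenew);` before exiting would avoid a stale duplicate of the password or shadow data. The enclosing function continues outside the hunk.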
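Review bot: In the `@@ -159,8 +161,8 @@` hunk, `Prog = ((c = strrchr(*argv, '/')) ? c+1 : *argv);` dereferences `argv[0]` without checking that it exists; a process started with an empty argument vector has `argv[0] == NULL`, and `strrchr` would then be called on a null pointer. A guard before the assignment, such as `if (argc < 1 || argv[0] == NULL) { fputs("cppw: missing program name\n", stderr); exit(1); }`, turns that case into a clean failure. main starts and ends outside the hunk.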
@@ -21,14 +21,14 @@ Depends on 401_cppw_src.dpatch #include "prototypes.h" #include "pwio.h" #include "shadowio.h" -@@ -115,6 +118,22 @@ +@@ -117,6 +120,22 @@ filenewname = filenew; if (access(file, F_OK)) cppwexit(file, 1, 1); +#ifdef WITH_SELINUX + /* if SE Linux is enabled then set the context of all new files + to be the context of the file we are editing */ -+ if (is_selinux_enabled ()) { ++ if (is_selinux_enabled () > 0) { + security_context_t passwd_context=NULL; + int ret = 0; + if (getfilecon (file, &passwd_context) < 0) { @@ -41,16 +41,16 @@ Depends on 401_cppw_src.dpatch + } + } +#endif - if (!file_lock()) cppwexit("Couldn't lock file", errno, 5); + if (!file_lock()) cppwexit("Couldn't lock file", 0, 5); filelocked = 1; -@@ -135,6 +154,15 @@ +@@ -137,6 +156,15 @@ cppwexit(0,0,1); } +#ifdef WITH_SELINUX + /* unset the fscreatecon */ -+ if (is_selinux_enabled ()) { ++ if (is_selinux_enabled () > 0) { + if (setfscreatecon (NULL)) { + cppwexit (_("setfscreatecon() failed"), errno, 1); + }
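Review bot: With `if (is_selinux_enabled () > 0)` in the `@@ -21,14 +21,14 @@` hunk (and again in `@@ -41,16 +41,16 @@`), a negative return is now handled the same way as "disabled", whereas the old truthiness test sent it into the `getfilecon` path. If the call can fail on the libselinux version in use, the new file would be created without the context of the file being replaced and nothing would be reported. Treating the error case explicitly, e.g. `int se = is_selinux_enabled (); if (se < 0) cppwexit (_("is_selinux_enabled() failed"), 1, 1);`, keeps a labelling failure from passing silently. The rest of the block, including whether `passwd_context` is released with `freecon`, lies between the two hunks and is not visible here.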
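Review bot: In the `@@ -41,16 +41,16 @@` hunk, the `setfscreatecon (NULL)` failure path calls `cppwexit`, which prints "<file> is unchanged" (see the cppwexit body in 401_cppw_src.dpatch), yet this block sits after the rename block, so by then the target has already been replaced. Reporting the reset failure with its own message and exit status, without the "is unchanged" line, avoids telling the administrator the opposite of what happened. The call also passes `errno` as the boolean `syserr` argument; `cppwexit (_("setfscreatecon() failed"), 1, 1);` is the explicit form. The block's closing lines are outside the hunk.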