Refresh patches

2022-11-10 16:28:31 +01:00
parent e4bc4e00d3
commit f960334281
10 changed files with 29 additions and 193 deletions
@@ -1,32 +0,0 @@
-From e503fd574b7dbf6b21b1168e20938f0922807916 Mon Sep 17 00:00:00 2001
-From: Xiami <1927254+Xiami2012@users.noreply.github.com>
-Date: Wed, 5 Oct 2022 18:11:28 +0800
-Subject: [PATCH] chage: Fix regression in print_date
-
-Introduced by c6c8130db4319613a91dd07bbb845f6c33c5f79f
-
-After removing snprintf, the format string should get unescaped once.
-
-Fixes #564
-
-Reporter and patch author: DerMouse (github.com/DerMouse)
---
- src/chage.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/chage.c b/src/chage.c
-index 8cf67794..01570d72 100644
--- a/src/chage.c
-+++ b/src/chage.c
-@@ -228,7 +228,7 @@ static void print_date (time_t date)
- 	if (NULL == tp) {
- 		(void) printf ("time_t: %lu\n", (unsigned long)date);
- 	} else {
-		(void) strftime (buf, sizeof buf, iflg ? "%%Y-%%m-%%d" : "%%b %%d, %%Y", tp);
-+		(void) strftime (buf, sizeof buf, iflg ? "%Y-%m-%d" : "%b %d, %Y", tp);
- 		(void) puts (buf);
- 	}
- }
-- 
-2.34.1
-
@@ -1,27 +0,0 @@
-From f3bdb28e57e5e38c1e89347976c7d61a181eec32 Mon Sep 17 00:00:00 2001
-From: Samanta Navarro <ferivoz@riseup.net>
-Date: Sun, 4 Sep 2022 11:54:19 +0000
-Subject: [PATCH 1/2] copy_tree: use fchmodat instead of chmod
-
-Fixes regression introduced in faeab50e710131816b261de66141524898c2c487
-for setups configured without acl support.
---
- libmisc/copydir.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libmisc/copydir.c b/libmisc/copydir.c
-index 5605f6fe..b6025f4c 100644
--- a/libmisc/copydir.c
-+++ b/libmisc/copydir.c
-@@ -529,7 +529,7 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
- 	    || (   (perm_copy_path (src, dst, &ctx) != 0)
- 	        && (errno != 0))
- #else				/* !WITH_ACL */
-	    || (chmod (dst, statp->st_mode) != 0)
-+	    || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
- #endif				/* !WITH_ACL */
- #ifdef WITH_ATTR
- 	/*
-- 
-2.34.1
-
@@ -1,53 +0,0 @@
-From 10cd68e0f04b48363eb32d2c6e168b358fb27810 Mon Sep 17 00:00:00 2001
-From: Samanta Navarro <ferivoz@riseup.net>
-Date: Sun, 4 Sep 2022 11:58:03 +0000
-Subject: [PATCH 2/2] copy_tree: do not block on fifos
-
-Fixes regression introduced in faeab50e710131816b261de66141524898c2c487.
-
-If a directory contains fifos, then openat blocks until the other side
-of the fifo is connected as well.
-
-This means that users can prevent "usermod -m" from completing if their
-home directories contain at least one fifo.
---
- libmisc/copydir.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libmisc/copydir.c b/libmisc/copydir.c
-index b6025f4c..5fb47da0 100644
--- a/libmisc/copydir.c
-+++ b/libmisc/copydir.c
-@@ -126,12 +126,12 @@ static int perm_copy_path(const struct path_info *src,
- {
- 	int src_fd, dst_fd, ret;
- 
-	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
-+	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
- 	if (src_fd < 0) {
- 		return -1;
- 	}
- 
-	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
-+	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
- 	if (dst_fd < 0) {
- 		(void) close (src_fd);
- 		return -1;
-@@ -152,12 +152,12 @@ static int attr_copy_path(const struct path_info *src,
- {
- 	int src_fd, dst_fd, ret;
- 
-	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
-+	src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
- 	if (src_fd < 0) {
- 		return -1;
- 	}
- 
-	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
-+	dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
- 	if (dst_fd < 0) {
- 		(void) close (src_fd);
- 		return -1;
-- 
-2.34.1
-
@@ -6,7 +6,7 @@ Notes:

 --- a/src/login.c
 +++ b/src/login.c
-@@ -829,6 +829,24 @@
+@@ -827,6 +827,24 @@
 			(void) puts ("");
 			(void) puts (_("Login incorrect"));
 
@@ -1,37 +0,0 @@
-From ebf9b232b012725d2be5e750876c7336cf1c37fd Mon Sep 17 00:00:00 2001
-From: David Kalnischkies <david@kalnischkies.de>
-Date: Wed, 24 Aug 2022 13:21:01 +0200
-Subject: [PATCH] useradd: Do not reset non-existent data in {last,fail}log
-
-useradd does not create the files if they don't exist, but if they exist
-it will reset user data even if the data did not exist before creating
-a hole and an explicitly zero'd data point resulting (especially for
-high UIDs) in a lot of zeros ending up in containers and tarballs.
---
- src/useradd.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
--- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -1996,8 +1996,9 @@ static void faillog_reset (uid_t uid)
- 	struct faillog fl;
- 	int fd;
- 	off_t offset_uid = (off_t) (sizeof fl) * uid;
-+	struct stat st;
- 
-	if (access (FAILLOG_FILE, F_OK) != 0) {
-+	if (stat (FAILLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
- 		return;
- 	}
- 
-@@ -2033,8 +2034,9 @@ static void lastlog_reset (uid_t uid)
- 	int fd;
- 	off_t offset_uid = (off_t) (sizeof ll) * uid;
- 	uid_t max_uid;
-+	struct stat st;
- 
-	if (access (LASTLOG_FILE, F_OK) != 0) {
-+	if (stat (LASTLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
- 		return;
- 	}
- 
@@ -20,7 +20,7 @@ Note: It could be removed if pam_tally could report the number of failures
 static void bad_time_notify (void);
 static void check_nologin (bool login_to_root);
 #else
-@@ -789,6 +789,9 @@
+@@ -787,6 +787,9 @@
 				SYSLOG ((LOG_NOTICE,
 				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
 				         failcount, fromhost, failent_user));
@@ -30,7 +30,7 @@ Note: It could be removed if pam_tally could report the number of failures
 				fprintf (stderr,
 				         _("Maximum number of tries exceeded (%u)\n"),
 				         failcount);
-@@ -806,6 +809,14 @@
+@@ -804,6 +807,14 @@
 				         pam_strerror (pamh, retcode)));
 				failed = true;
 			}
@@ -45,7 +45,7 @@ Note: It could be removed if pam_tally could report the number of failures
 
 			if (!failed) {
 				break;
-@@ -829,6 +840,10 @@
+@@ -827,6 +838,10 @@
 			(void) puts ("");
 			(void) puts (_("Login incorrect"));
 
@@ -56,7 +56,7 @@ Note: It could be removed if pam_tally could report the number of failures
 			if (getdef_str("FTMP_FILE") != NULL) {
 #ifdef USE_UTMPX
 				struct utmpx *failent =
-@@ -1299,6 +1314,7 @@
+@@ -1295,6 +1310,7 @@
 		 */
 #ifndef USE_PAM
 		motd ();	/* print the message of the day */
@@ -64,7 +64,7 @@ Note: It could be removed if pam_tally could report the number of failures
 		if (   getdef_bool ("FAILLOG_ENAB")
 		    && (0 != faillog.fail_cnt)) {
 			failprint (&faillog);
-@@ -1311,6 +1327,7 @@
+@@ -1307,6 +1323,7 @@
 				         username, (int) faillog.fail_cnt));
 			}
 		}
@@ -9,7 +9,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs

 --- a/src/login.c
 +++ b/src/login.c
-@@ -514,7 +514,6 @@
+@@ -512,7 +512,6 @@
 #if !defined(USE_PAM)
 	char ptime[80];
 #endif
@@ -17,7 +17,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 	unsigned int retries;
 	bool subroot = false;
 #ifndef USE_PAM
-@@ -539,6 +538,7 @@
+@@ -537,6 +536,7 @@
 	pid_t child;
 	char *pam_user = NULL;
 #else
@@ -25,7 +25,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 	struct spwd *spwd = NULL;
 #endif
 	/*
-@@ -703,7 +703,6 @@
+@@ -701,7 +701,6 @@
 	}
 
 	environ = newenvp;	/* make new environment active */
@@ -33,7 +33,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
 
 #ifdef USE_PAM
-@@ -719,8 +718,7 @@
+@@ -717,8 +716,7 @@
 
 	/*
 	 * hostname & tty are either set to NULL or their correct values,
@@ -43,7 +43,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 	 *
 	 * PAM_RHOST and PAM_TTY are used for authentication, only use
 	 * information coming from login or from the caller (e.g. no utmp)
-@@ -729,10 +727,6 @@
+@@ -727,10 +725,6 @@
 	PAM_FAIL_CHECK;
 	retcode = pam_set_item (pamh, PAM_TTY, tty);
 	PAM_FAIL_CHECK;
@@ -54,7 +54,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 	/* if fflg, then the user has already been authenticated */
 	if (!fflg) {
 		unsigned int failcount = 0;
-@@ -773,12 +767,6 @@
+@@ -771,12 +765,6 @@
 			bool failed = false;
 
 			failcount++;
@@ -67,7 +67,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 
 			retcode = pam_authenticate (pamh, 0);
 
-@@ -1114,14 +1102,17 @@
+@@ -1110,14 +1098,17 @@
 		free (username);
 		username = NULL;
 
@@ -12,7 +12,7 @@ Fixes: #166793
 #include "nscd.h"
 #include "sssd.h"
 #ifdef WITH_TCB
-@@ -976,12 +977,23 @@
+@@ -970,12 +971,23 @@
 			goto fail;
 		}
 	} else {
@@ -49,7 +49,7 @@ Fixes: #166793
 	NULL,			/* head */
 --- a/lib/shadowio.c
 +++ b/lib/shadowio.c
-@@ -82,7 +82,7 @@
+@@ -84,7 +84,7 @@
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif				/* WITH_SELINUX */
@@ -23,11 +23,11 @@ Details:
 
 +#if 0
 	/*
- 	 * User/group names must match [a-z_][a-z0-9_-]*[$]
- 	 */
-@@ -50,6 +51,26 @@
- 			return false;
- 		}
+          * User/group names must match gnu e-regex:
+          *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+@@ -52,8 +53,28 @@
+ 	      *name == '.')) {
+ 		return false;
 	}
 +#endif
 +	/*
@@ -50,19 +50,15 @@ Details:
 +		name++;
 +	} while ('\0' != *name);
 
- 	return true;
- }
+-	numeric = isdigit(*name);
+	int numeric = isdigit(*name);
+ 
+ 	while ('\0' != *++name) {
+ 		if (!((*name >= 'a' && *name <= 'z') ||
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -698,12 +698,20 @@
-     </para>
- 
-     <para>
-      Usernames must start with a lower case letter or an underscore,
-+      It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
-       followed by lower case letters, digits, underscores, or dashes.
-       They can end with a dollar sign.
-       In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+@@ -708,6 +708,14 @@
+       the <command>ls</command> output.
     </para>
     <para>
 +      On Debian, the only constraints are that usernames must neither start
@@ -78,15 +74,8 @@ Details:
   </refsect1>
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -64,12 +64,18 @@
-       files as needed.
-     </para>
-      <para>
-       Groupnames must start with a lower case letter or an underscore,
-+       It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
-        followed by lower case letters, digits, underscores, or dashes.
-        They can end with a dollar sign.
-        In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+@@ -72,6 +72,12 @@
+        also disallowed.
      </para>
      <para>
 +       On Debian, the only constraints are that groupnames must neither start
@@ -2,11 +2,7 @@
 #900_testsuite_groupmems
 #901_testsuite_gcov

-0001-chage-Fix-regression-in-print_date.patch
-0002-copy_tree-use-fchmodat-instead-of-chmod.patch
-0003-copy_tree-do-not-block-on-fifos.patch
 008_login_log_failure_in_FTMP
-301_lastlog_faillog_do_not_reset_non-existent_data
 401_cppw_src.dpatch
 # 402 should be merged in 401, but should be reviewed by SE Linux experts first
 402_cppw_selinux