Release 4.14.5

Signed-off-by: Alejandro Colomar <alx@kernel.org>
etc/pam.d/Makefile.am: Fix typo
2024-02-13 18:59:37 +01:00 · 2024-02-13 18:47:39 +01:00 · 2024-02-11 23:46:58 +01:00 · 2024-02-05 00:46:30 +01:00 · 2024-02-05 00:40:18 +01:00 · 2024-01-30 22:14:53 +01:00
14 changed files with 74 additions and 20 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.1], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.5], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -32,6 +32,7 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD

 dnl Checks for libraries.

--- a/etc/pam.d/Makefile.am
+++ b/etc/pam.d/Makefile.am
@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'

 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd

 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -20,6 +20,7 @@ endif

 libshadow_la_CPPFLAGS += -I$(top_srcdir)
 libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)

 libshadow_la_SOURCES = \
 	addgrps.c \
--- a/lib/btrfs.c
+++ b/lib/btrfs.c
@@ -39,7 +39,7 @@ static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const c
 		NULL
 	};

-	if (access(cmd, X_OK)) {
+	if (!cmd || access(cmd, X_OK)) {
 		return 1;
 	}

--- a/lib/chkname.c
+++ b/lib/chkname.c
@@ -74,12 +74,14 @@ static bool is_valid_name (const char *name)

 bool is_valid_user_name (const char *name)
 {
+	size_t  maxlen;
+
 	/*
 	 * User names length are limited by the kernel
 	 */
-	if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) {
+	maxlen = sysconf(_SC_LOGIN_NAME_MAX);
+	if (strlen(name) >= maxlen)
 		return false;
-	}

 	return is_valid_name (name);
 }
--- a/lib/logind.c
+++ b/lib/logind.c
@@ -35,7 +35,7 @@ done:
    return ret;
 }

-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, unsigned long unused(limit))
 {
    struct passwd *pw;
    unsigned long count = 0;
--- a/lib/readpassphrase.h
+++ b/lib/readpassphrase.h
@@ -36,8 +36,12 @@
 #endif
 #include <sys/types.h>

-__BEGIN_DECLS
+#ifdef __cplusplus
+extern "C" {
+#endif
 char * readpassphrase(const char *, char *, size_t, int);
-__END_DECLS
+#ifdef __cplusplus
+}
+#endif

 #endif /* !LIBBSD_READPASSPHRASE_H */
--- a/lib/sgetgrent.c
+++ b/lib/sgetgrent.c
@@ -37,8 +37,8 @@
 static char **list (char *s)
 {
 	static char **members = NULL;
-	static int size = 0;	/* max members + 1 */
-	int i;
+	static size_t size = 0;	/* max members + 1 */
+	size_t i;

 	i = 0;
 	for (;;) {
@@ -47,8 +47,10 @@ static char **list (char *s)
 		if (i >= size) {
 			size = i + 100;	/* at least: i + 1 */
 			members = REALLOCF(members, size, char *);
-			if (!members)
+			if (!members) {
+				size = 0;
 				return NULL;
+			}
 		}
 		if (!s || s[0] == '\0')
 			break;
--- a/lib/utmp.c
+++ b/lib/utmp.c
@@ -368,17 +368,16 @@ int update_utmp (const char *user,
 	struct utmp *utent, *ut;

 	utent = get_current_utmp ();
-	if (utent == NULL) {
-		return -1;
-	}
-
 	ut = prepare_utmp  (user, tty, host, utent);

 	(void) setutmp  (ut);	/* make entry in the utmp & wtmp files */
-	free (utent);
+
+	if (utent != NULL) {
+		free (utent);
+	}
 	free (ut);

-	return 1;
+	return 0;
 }

 void record_failure(const char *failent_user,
--- a/man/chage.1.xml
+++ b/man/chage.1.xml
@@ -198,6 +198,21 @@
 	  </para>
 	</listitem>
      </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes to configuration files under the root filesystem
+	    found under the directory <replaceable>PREFIX_DIR</replaceable>.
+	    This option does not chroot and is intended for preparing a cross-compilation
+	    target.  Some limitations: NIS and LDAP users/groups are
+	    not verified.  PAM authentication is using the host files.
+	    No SELINUX support.
+	  </para>
+	</listitem>
+      </varlistentry>
      <varlistentry>
 	<term>
 	  <option>-W</option>, <option>--warndays</option>&nbsp;<replaceable>WARN_DAYS</replaceable>
--- a/man/chpasswd.8.xml
+++ b/man/chpasswd.8.xml
@@ -173,6 +173,21 @@
 	  </para>
 	</listitem>
      </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes to configuration files under the root filesystem
+	    found under the directory <replaceable>PREFIX_DIR</replaceable>.
+	    This option does not chroot and is intended for preparing a cross-compilation
+	    target.  Some limitations: NIS and LDAP users/groups are
+	    not verified.  PAM authentication is using the host files.
+	    No SELINUX support.
+	  </para>
+	</listitem>
+      </varlistentry>
      <varlistentry condition="sha_crypt">
 	<term>
 	  <option>-s</option>, <option>--sha-rounds</option>&nbsp;<replaceable>ROUNDS</replaceable>
--- a/man/passwd.1.xml
+++ b/man/passwd.1.xml
@@ -280,6 +280,21 @@
 	  </para>
 	</listitem>
      </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes to configuration files under the root filesystem
+	    found under the directory <replaceable>PREFIX_DIR</replaceable>.
+	    This option does not chroot and is intended for preparing a cross-compilation
+	    target.  Some limitations: NIS and LDAP users/groups are
+	    not verified.  PAM authentication is using the host files.
+	    No SELINUX support.
+	  </para>
+	</listitem>
+      </varlistentry>
      <varlistentry>
 	<term>
 	  <option>-S</option>, <option>--status</option>
--- a/share/containers/debian.dockerfile
+++ b/share/containers/debian.dockerfile
@@ -9,7 +9,7 @@ RUN export DEBIAN_PRIORITY=critical \
 RUN apt-get update -y \
    && apt-get dist-upgrade -y
 RUN apt-get build-dep shadow -y
-RUN apt-get install libbsd-dev pkgconf -y
+RUN apt-get install libltdl-dev libbsd-dev pkgconf -y

 COPY ./ /usr/local/src/shadow/
 WORKDIR /usr/local/src/shadow/
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2787,7 +2787,7 @@ int main (int argc, char **argv)
 		if (home_added) {
 			copy_tree (def_template, prefix_user_home, false, true,
 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
-			copy_tree (def_usrtemplate, prefix_user_home, false, false,
+			copy_tree (def_usrtemplate, prefix_user_home, false, true,
 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
 		} else {
 			fprintf (stderr,
Author	SHA1	Message	Date
Alejandro Colomar	24605a1b62	Release 4.14.5 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-13 18:59:37 +01:00
Alejandro Colomar	9f3d42b14d	etc/pam.d/Makefile.am: Fix typo The commit we're fixing mentions that it wanted to move 'chpasswd', but it removed 'ch_g_passwd' from 'pamd_acct_tools_files' and added 'chpasswd' to 'pamd_files'. It seems it removed the wrong thing by accident. Fixes: `341d80c2c7` ("Makefile: move chpasswd and newusers to pamd target") Link: <https://github.com/shadow-maint/shadow/pull/928#discussion_r1487687347> Link: <https://github.com/shadow-maint/shadow/issues/926#issuecomment-1941324761> Reported-by: Dominique Leuenberger <dleuenberger@suse.com> Reported-by: Michael Vetter <jubalh@iodoru.org> Cc: David Runge <dvzrv@archlinux.org> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Tested-by: Michael Vetter <jubalh@iodoru.org> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Reviewed-by: loqs <https://github.com/loqs> Co-developed-by: Dominique Leuenberger <dleuenberger@suse.com> Signed-off-by: Dominique Leuenberger <dleuenberger@suse.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `7eb10e6298` ("etc/pam.d/Makefile.am: Fix typo") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-13 18:47:39 +01:00
Alejandro Colomar	f0f7fc60f2	Release 4.14.4 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-11 23:46:58 +01:00
Tobias Stoeckmann	bc0151d4d3	lib/chkname.c: Take NUL byte into account The _SC_LOGIN_NAME_MAX value includes space for the NUL byte. The length of name must smaller than this value to be valid. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Cherry-picked-from: `403a2e3771` ("lib/chkname.c: Take NUL byte into account") Link: <https://github.com/shadow-maint/shadow/pull/935> Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-05 00:46:30 +01:00
Alejandro Colomar	4b775cbff9	lib/chkname.c: Use tmp variable to avoid a -Wsign-compare warning I used size_t because: sysconf(3) can return -1 if the value is not supported, but then it can only mean that there's no limit. Having no limit is the same as having a limit of SIZE_MAX (to which -1 is converted). Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `6be85b0baf` ("lib/chkname.c: Use tmp variable to avoid a -Wsign-compare warning") [alx: This is to cherry-pick the next commit without conflict] Link: <https://github.com/shadow-maint/shadow/pull/801> Link: <https://github.com/shadow-maint/shadow/pull/935> Cc: Serge Hallyn <serge@hallyn.com> Cc: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-05 00:40:18 +01:00
loqs	bc2cc1106d	Makefile: Move chpasswd and newusers to pamd target Install pam configs for chpasswd and newusers when using: $ ./configure --with-libpam --disable-account-tools-setuid Closes: <https://github.com/shadow-maint/shadow/issues/810> Link: <https://github.com/shadow-maint/shadow/pull/928> Tested-by: David Runge <dvzrv@archlinux.org> Cherry-picked-from: `341d80c2c7` ("Makefile: move chpasswd and newusers to pamd target") Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-30 22:14:53 +01:00
Pablo Saavedra	f630203ed8	lib/logind.c: active_sessions_count(): Fix build error 'parameter name omitted' Add the omitted parameter name. Closes: <https://github.com/shadow-maint/shadow/issues/918> Link: <https://github.com/shadow-maint/shadow/pull/919> Signed-off-by: Pablo Saavedra <psaavedra@igalia.com> Cherry-picked-from: `da84d0ede7` ("Fix Build error 'parameter name omitted' in logind") Cc: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-30 17:34:04 +01:00
Sam James	7540b05197	Link correctly with libdl This fixes build with glibc-2.33 (newer glibc merged libdl and libpthread into libc): ``` libtool: link: x86_64-pc-linux-gnu-gcc -isystem /usr/include/bsd -DLIBBSD_OVERLAY -O2 -pipe -Wl,-O1 -o login login.o login_nopam.o -Wl,--as-needed ../lib/.libs/libshadow.a -lcrypt -lsystemd -lpam -lpam_misc -lbsd /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: ../lib/.libs/libshadow.a(libshadow_la-nss.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5' /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: /lib64/libdl.so.2: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status ``` In Debian, the needed macro from libtool seems to be in libltdl-dev. Signed-off-by: Sam James <sam@gentoo.org> Cc: Iker Pedrosa <ikerpedrosam@gmail.com> Cherry-picked-from: `0f4e59fd00` ("Link correctly with libdl") Link: <https://github.com/shadow-maint/shadow/pull/917> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-26 13:32:08 +01:00
Alejandro Colomar	eae0b02796	Release 4.14.3 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-16 00:01:06 +01:00
Samanta Navarro	1c6a1206bd	lib/sgetgrent.c: fix null pointer dereference If reallocation fails in function list, then reset the size to 0 again. Without the reset, the next call assumes that `members` points to a memory location with reserved space. Also use size_t instead of int for size to prevent signed integer overflows. The length of group lines is not limited. Fixes `45c0003e53` (4.14 release series) Proof of Concept: - Prepare a group file (one long group line and a shorter one, both with a list of users) $ echo -n "root:x:0:" > /tmp/uwu $ yes , \| tr -d '\n' \| dd of=/tmp/uwu bs=10 count=3145728 seek=1 conv=notrunc iflag=fullblock $ echo -e "\nbin:x:1:," >> /tmp/uwu - Run grpck with tight memory constraints $ ulimit -d 102400 $ grpck /tmp/uwu Segmentation fault (core dumped) Reviewed-by: Alejandro Colomar <alx@kernel.org> Signed-off-by: Samanta Navarro <ferivoz@riseup.net> Cherry-picked-from: `a9e07c0feb` ("lib/sgetgrent.c: fix null pointer dereference") Link: <https://github.com/shadow-maint/shadow/pull/904> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-16 00:00:43 +01:00
Alejandro Colomar	22656c36a2	Release 4.14.2 Link: <https://github.com/shadow-maint/shadow/pull/824> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2023-10-30 00:14:15 +01:00
Michael Vetter	11071522a2	man: document --prefix option in chage, chpasswd and passwd Support for `--prefix` was added in https://github.com/shadow-maint/shadow/pull/714 and is available since shadow 4.14.0. Close https://github.com/shadow-maint/shadow/issues/822 Cherry-picked-from: `01f6258df7` ("man: document --prefix option in chage, chpasswd and passwd") Link: <https://github.com/shadow-maint/shadow/pull/823> Suggested-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2023-10-30 00:00:28 +01:00
Johannes Segitz	909036d714	useradd: Set proper SELinux labels for def_usrtemplate Fixes: `74c17c716` ("Add support for skeleton files from /usr/etc/skel") Signed-off-by: Johannes Segitz <jsegitz@suse.com> Cherry-picked-from: `48aa12af31` Link: <https://github.com/shadow-maint/shadow/pull/812> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2023-10-30 00:00:24 +01:00
Iker Pedrosa	de50b39475	utmp: call prepare_utmp() even if utent is NULL update_utmp() should also return 0 when success. Fixes: `1f368e1c18` ("utmp: update `update_utmp()") Resolves: https://github.com/shadow-maint/shadow/issues/805 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Cherry-picked-from: `5178f8c5af` Link: <https://github.com/shadow-maint/shadow/issues/805> Link: <https://github.com/shadow-maint/shadow/pull/808> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2023-10-30 00:00:19 +01:00
Christian Göttsche	b5c99ec30e	lib/btrfs: avoid NULL-dereference btrfs.c:42:13: warning: use of NULL 'cmd' where non-null expected [CWE-476] [-Wanalyzer-null-argument] Reviewed-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `54ab542887` Link: <https://github.com/shadow-maint/shadow/pull/770> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2023-10-30 00:00:15 +01:00
Heiko Becker	58b96645c9	Replace __{BEGIN,END}_DECLS with #ifdef __cplusplus Fixes the build with musl libc. Cherry-picked-from: `890f911e17` Link: <https://github.com/shadow-maint/shadow/pull/789> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2023-10-30 00:00:10 +01:00