Release 4.14.5

Signed-off-by: Alejandro Colomar <alx@kernel.org>
etc/pam.d/Makefile.am: Fix typo
2024-02-13 18:59:37 +01:00 · 2024-02-13 18:47:39 +01:00 · 2024-02-11 23:46:58 +01:00 · 2024-02-05 00:46:30 +01:00 · 2024-02-05 00:40:18 +01:00 · 2024-01-30 22:14:53 +01:00
7 changed files with 16 additions and 10 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.5], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -32,6 +32,7 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD

 dnl Checks for libraries.

--- a/etc/pam.d/Makefile.am
+++ b/etc/pam.d/Makefile.am
@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'

 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd

 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -20,6 +20,7 @@ endif

 libshadow_la_CPPFLAGS += -I$(top_srcdir)
 libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)

 libshadow_la_SOURCES = \
 	addgrps.c \
--- a/lib/chkname.c
+++ b/lib/chkname.c
@@ -74,12 +74,14 @@ static bool is_valid_name (const char *name)

 bool is_valid_user_name (const char *name)
 {
+	size_t  maxlen;
+
 	/*
 	 * User names length are limited by the kernel
 	 */
-	if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) {
+	maxlen = sysconf(_SC_LOGIN_NAME_MAX);
+	if (strlen(name) >= maxlen)
 		return false;
-	}

 	return is_valid_name (name);
 }
--- a/lib/logind.c
+++ b/lib/logind.c
@@ -35,7 +35,7 @@ done:
    return ret;
 }

-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, unsigned long unused(limit))
 {
    struct passwd *pw;
    unsigned long count = 0;
--- a/lib/sgetgrent.c
+++ b/lib/sgetgrent.c
@@ -37,8 +37,8 @@
 static char **list (char *s)
 {
 	static char **members = NULL;
-	static int size = 0;	/* max members + 1 */
-	int i;
+	static size_t size = 0;	/* max members + 1 */
+	size_t i;

 	i = 0;
 	for (;;) {
@@ -47,8 +47,10 @@ static char **list (char *s)
 		if (i >= size) {
 			size = i + 100;	/* at least: i + 1 */
 			members = REALLOCF(members, size, char *);
-			if (!members)
+			if (!members) {
+				size = 0;
 				return NULL;
+			}
 		}
 		if (!s || s[0] == '\0')
 			break;
--- a/share/containers/debian.dockerfile
+++ b/share/containers/debian.dockerfile
@@ -9,7 +9,7 @@ RUN export DEBIAN_PRIORITY=critical \
 RUN apt-get update -y \
    && apt-get dist-upgrade -y
 RUN apt-get build-dep shadow -y
-RUN apt-get install libbsd-dev pkgconf -y
+RUN apt-get install libltdl-dev libbsd-dev pkgconf -y

 COPY ./ /usr/local/src/shadow/
 WORKDIR /usr/local/src/shadow/
Author	SHA1	Message	Date
Alejandro Colomar	24605a1b62	Release 4.14.5 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-13 18:59:37 +01:00
Alejandro Colomar	9f3d42b14d	etc/pam.d/Makefile.am: Fix typo The commit we're fixing mentions that it wanted to move 'chpasswd', but it removed 'ch_g_passwd' from 'pamd_acct_tools_files' and added 'chpasswd' to 'pamd_files'. It seems it removed the wrong thing by accident. Fixes: `341d80c2c7` ("Makefile: move chpasswd and newusers to pamd target") Link: <https://github.com/shadow-maint/shadow/pull/928#discussion_r1487687347> Link: <https://github.com/shadow-maint/shadow/issues/926#issuecomment-1941324761> Reported-by: Dominique Leuenberger <dleuenberger@suse.com> Reported-by: Michael Vetter <jubalh@iodoru.org> Cc: David Runge <dvzrv@archlinux.org> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Tested-by: Michael Vetter <jubalh@iodoru.org> Reviewed-by: Michael Vetter <jubalh@iodoru.org> Reviewed-by: loqs <https://github.com/loqs> Co-developed-by: Dominique Leuenberger <dleuenberger@suse.com> Signed-off-by: Dominique Leuenberger <dleuenberger@suse.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `7eb10e6298` ("etc/pam.d/Makefile.am: Fix typo") Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-13 18:47:39 +01:00
Alejandro Colomar	f0f7fc60f2	Release 4.14.4 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-11 23:46:58 +01:00
Tobias Stoeckmann	bc0151d4d3	lib/chkname.c: Take NUL byte into account The _SC_LOGIN_NAME_MAX value includes space for the NUL byte. The length of name must smaller than this value to be valid. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Cherry-picked-from: `403a2e3771` ("lib/chkname.c: Take NUL byte into account") Link: <https://github.com/shadow-maint/shadow/pull/935> Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-05 00:46:30 +01:00
Alejandro Colomar	4b775cbff9	lib/chkname.c: Use tmp variable to avoid a -Wsign-compare warning I used size_t because: sysconf(3) can return -1 if the value is not supported, but then it can only mean that there's no limit. Having no limit is the same as having a limit of SIZE_MAX (to which -1 is converted). Signed-off-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: `6be85b0baf` ("lib/chkname.c: Use tmp variable to avoid a -Wsign-compare warning") [alx: This is to cherry-pick the next commit without conflict] Link: <https://github.com/shadow-maint/shadow/pull/801> Link: <https://github.com/shadow-maint/shadow/pull/935> Cc: Serge Hallyn <serge@hallyn.com> Cc: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-02-05 00:40:18 +01:00
loqs	bc2cc1106d	Makefile: Move chpasswd and newusers to pamd target Install pam configs for chpasswd and newusers when using: $ ./configure --with-libpam --disable-account-tools-setuid Closes: <https://github.com/shadow-maint/shadow/issues/810> Link: <https://github.com/shadow-maint/shadow/pull/928> Tested-by: David Runge <dvzrv@archlinux.org> Cherry-picked-from: `341d80c2c7` ("Makefile: move chpasswd and newusers to pamd target") Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-30 22:14:53 +01:00
Pablo Saavedra	f630203ed8	lib/logind.c: active_sessions_count(): Fix build error 'parameter name omitted' Add the omitted parameter name. Closes: <https://github.com/shadow-maint/shadow/issues/918> Link: <https://github.com/shadow-maint/shadow/pull/919> Signed-off-by: Pablo Saavedra <psaavedra@igalia.com> Cherry-picked-from: `da84d0ede7` ("Fix Build error 'parameter name omitted' in logind") Cc: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-30 17:34:04 +01:00
Sam James	7540b05197	Link correctly with libdl This fixes build with glibc-2.33 (newer glibc merged libdl and libpthread into libc): ``` libtool: link: x86_64-pc-linux-gnu-gcc -isystem /usr/include/bsd -DLIBBSD_OVERLAY -O2 -pipe -Wl,-O1 -o login login.o login_nopam.o -Wl,--as-needed ../lib/.libs/libshadow.a -lcrypt -lsystemd -lpam -lpam_misc -lbsd /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: ../lib/.libs/libshadow.a(libshadow_la-nss.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5' /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: /lib64/libdl.so.2: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status ``` In Debian, the needed macro from libtool seems to be in libltdl-dev. Signed-off-by: Sam James <sam@gentoo.org> Cc: Iker Pedrosa <ikerpedrosam@gmail.com> Cherry-picked-from: `0f4e59fd00` ("Link correctly with libdl") Link: <https://github.com/shadow-maint/shadow/pull/917> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-26 13:32:08 +01:00
Alejandro Colomar	eae0b02796	Release 4.14.3 Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-16 00:01:06 +01:00
Samanta Navarro	1c6a1206bd	lib/sgetgrent.c: fix null pointer dereference If reallocation fails in function list, then reset the size to 0 again. Without the reset, the next call assumes that `members` points to a memory location with reserved space. Also use size_t instead of int for size to prevent signed integer overflows. The length of group lines is not limited. Fixes `45c0003e53` (4.14 release series) Proof of Concept: - Prepare a group file (one long group line and a shorter one, both with a list of users) $ echo -n "root:x:0:" > /tmp/uwu $ yes , \| tr -d '\n' \| dd of=/tmp/uwu bs=10 count=3145728 seek=1 conv=notrunc iflag=fullblock $ echo -e "\nbin:x:1:," >> /tmp/uwu - Run grpck with tight memory constraints $ ulimit -d 102400 $ grpck /tmp/uwu Segmentation fault (core dumped) Reviewed-by: Alejandro Colomar <alx@kernel.org> Signed-off-by: Samanta Navarro <ferivoz@riseup.net> Cherry-picked-from: `a9e07c0feb` ("lib/sgetgrent.c: fix null pointer dereference") Link: <https://github.com/shadow-maint/shadow/pull/904> Signed-off-by: Alejandro Colomar <alx@kernel.org>	2024-01-16 00:00:43 +01:00