From 44a40b2f4ee043be419a9843e5ecfea98922a43d Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Sep 19 2012 18:33:30 +0000 Subject: new upstream version - use the original file permissions when creating backup (#853102) --- diff --git a/.gitignore b/.gitignore index 5e224dd..f5997c1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ shadow-4.1.4.2.tar.bz2 /shadow-4.1.4.3.tar.bz2 /shadow-4.1.5.tar.bz2 +/shadow-4.1.5.1.tar.bz2 +/shadow-4.1.5.1.tar.bz2.sig diff --git a/shadow-4.1.4.2-infoParentDir.patch b/shadow-4.1.4.2-infoParentDir.patch deleted file mode 100644 index da260bf..0000000 --- a/shadow-4.1.4.2-infoParentDir.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up shadow-4.1.4.2/man/newusers.8.infoParentDir shadow-4.1.4.2/man/newusers.8 ---- shadow-4.1.4.2/man/newusers.8.infoParentDir 2010-04-28 13:44:04.634870854 +0200 -+++ shadow-4.1.4.2/man/newusers.8 2010-04-28 13:46:07.190866220 +0200 -@@ -88,7 +88,7 @@ This field is copied in the GECOS field - .RS 4 - This field is used to define the home directory of the user\&. - .sp --If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. -+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&. - .sp - If the home directory of an existing user is changed, - \fBnewusers\fR -diff -up shadow-4.1.4.2/man/newusers.8.xml.infoParentDir shadow-4.1.4.2/man/newusers.8.xml ---- shadow-4.1.4.2/man/newusers.8.xml.infoParentDir 2010-04-28 13:48:01.419238133 +0200 -+++ shadow-4.1.4.2/man/newusers.8.xml 2010-04-28 13:55:40.499663030 +0200 -@@ -192,7 +192,15 @@ - - If this field does not specify an existing directory, the - specified directory is created, with ownership set to the -- user being created or updated and its primary group. -+ user being created or updated and its primary group. Note -+ that newusers does not create parent directories of the new -+ user's home directory. The newusers command will fail to -+ create the home directory if the parent directories do not -+ exist, and will send a message to stderr informing the user -+ of the failure. The newusers command will not halt or return -+ a failure to the calling shell if it fails to create the home -+ directory, it will continue to process the batch of new users -+ specified. - - - If the home directory of an existing user is changed, diff --git a/shadow-4.1.5-goodname.patch b/shadow-4.1.5-goodname.patch deleted file mode 100644 index 81f27b0..0000000 --- a/shadow-4.1.5-goodname.patch +++ /dev/null @@ -1,68 +0,0 @@ -diff -up shadow-4.1.5/libmisc/chkname.c.goodname shadow-4.1.5/libmisc/chkname.c ---- shadow-4.1.5/libmisc/chkname.c.goodname 2009-04-28 21:14:04.000000000 +0200 -+++ shadow-4.1.5/libmisc/chkname.c 2012-03-19 09:52:12.910605026 +0100 -@@ -49,20 +49,28 @@ - static bool is_valid_name (const char *name) - { - /* -- * User/group names must match [a-z_][a-z0-9_-]*[$] -- */ -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { -+ * User/group names must match gnu e-regex: -+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? -+ * -+ * as a non-POSIX, extension, allow "$" as the last char for -+ * sake of Samba 3.x "add machine script" -+ */ -+ if ( ('\0' == *name) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') -+ )) { - return false; - } - - while ('\0' != *++name) { -- if (!(( ('a' <= *name) && ('z' >= *name) ) || -- ( ('0' <= *name) && ('9' >= *name) ) || -- ('_' == *name) || -- ('-' == *name) || -- ( ('$' == *name) && ('\0' == *(name + 1)) ) -- )) { -+ if (!( (*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') || (*name == '-') || -+ (*name == '$' && *(name + 1) == '\0') -+ )) { - return false; - } - } -diff -up shadow-4.1.5/man/groupadd.8.goodname shadow-4.1.5/man/groupadd.8 ---- shadow-4.1.5/man/groupadd.8.goodname 2012-02-12 22:27:42.000000000 +0100 -+++ shadow-4.1.5/man/groupadd.8 2012-03-19 09:56:17.113723732 +0100 -@@ -181,9 +181,7 @@ Shadow password suite configuration\&. - .RE - .SH "CAVEATS" - .PP --Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? --.PP --Groupnames may only be up to 16 characters long\&. -+Groupnames may only be up to 32 characters long\&. - .PP - You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. - .PP -diff -up shadow-4.1.5/man/useradd.8.goodname shadow-4.1.5/man/useradd.8 ---- shadow-4.1.5/man/useradd.8.goodname 2012-02-12 22:28:02.000000000 +0100 -+++ shadow-4.1.5/man/useradd.8 2012-03-19 09:52:12.911605018 +0100 -@@ -421,8 +421,6 @@ Similarly, if the username already exist - \fBuseradd\fR - will deny the user account creation request\&. - .PP --Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? --.PP - Usernames may only be up to 32 characters long\&. - .SH "CONFIGURATION" - .PP diff --git a/shadow-4.1.5-man.patch b/shadow-4.1.5-man.patch deleted file mode 100644 index f0fa089..0000000 --- a/shadow-4.1.5-man.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up shadow-4.1.5/man/useradd.8.man shadow-4.1.5/man/useradd.8 ---- shadow-4.1.5/man/useradd.8.man 2012-03-19 13:06:48.000000000 +0100 -+++ shadow-4.1.5/man/useradd.8 2012-03-19 13:07:44.540169270 +0100 -@@ -215,7 +215,7 @@ is not enabled, no home directories are - .PP - \fB\-M\fR - .RS 4 --Do no create the user\*(Aqs home directory, even if the system wide setting from -+Do not create the user\*(Aqs home directory, even if the system wide setting from - /etc/login\&.defs - (\fBCREATE_HOME\fR) is set to - \fIyes\fR\&. diff --git a/shadow-4.1.5-selinux.patch b/shadow-4.1.5-selinux.patch deleted file mode 100644 index d138e58..0000000 --- a/shadow-4.1.5-selinux.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -up shadow-4.1.5/lib/commonio.c.selinux shadow-4.1.5/lib/commonio.c ---- shadow-4.1.5/lib/commonio.c.selinux 2011-12-09 23:23:16.000000000 +0100 -+++ shadow-4.1.5/lib/commonio.c 2012-03-22 16:42:00.952464092 +0100 -@@ -977,6 +977,12 @@ int commonio_close (struct commonio_db * - - snprintf (buf, sizeof buf, "%s+", db->filename); - -+#ifdef WITH_SELINUX -+ if (set_selinux_file_context (buf) != 0) { -+ errors++; -+ } -+#endif -+ - db->fp = fopen_set_perms (buf, "w", &sb); - if (NULL == db->fp) { - goto fail; -@@ -1011,6 +1017,12 @@ int commonio_close (struct commonio_db * - goto fail; - } - -+#ifdef WITH_SELINUX -+ if (reset_selinux_file_context () != 0) { -+ goto fail; -+ } -+#endif -+ - nscd_need_reload = true; - goto success; - fail: -diff -up shadow-4.1.5/src/useradd.c.selinux shadow-4.1.5/src/useradd.c ---- shadow-4.1.5/src/useradd.c.selinux 2012-03-22 16:46:11.007377548 +0100 -+++ shadow-4.1.5/src/useradd.c 2012-03-22 16:46:35.037251897 +0100 -@@ -2040,7 +2040,7 @@ int main (int argc, char **argv) - if (mflg) { - create_home (); - if (home_added) { -- copy_tree (def_template, user_home, false, false, -+ copy_tree (def_template, user_home, false, true, - (uid_t)-1, user_id, (gid_t)-1, user_gid); - } else { - fprintf (stderr, diff --git a/shadow-4.1.5.1-backup-mode.patch b/shadow-4.1.5.1-backup-mode.patch new file mode 100644 index 0000000..7366b86 --- /dev/null +++ b/shadow-4.1.5.1-backup-mode.patch @@ -0,0 +1,20 @@ +diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c +--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200 ++++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200 +@@ -301,15 +301,12 @@ static int create_backup (const char *ba + struct utimbuf ub; + FILE *bkfp; + int c; +- mode_t mask; + + if (fstat (fileno (fp), &sb) != 0) { + return -1; + } + +- mask = umask (077); +- bkfp = fopen (backup, "w"); +- (void) umask (mask); ++ bkfp = fopen_set_perms (backup, "w", &sb); + if (NULL == bkfp) { + return -1; + } diff --git a/shadow-4.1.5.1-goodname.patch b/shadow-4.1.5.1-goodname.patch new file mode 100644 index 0000000..1fdd84f --- /dev/null +++ b/shadow-4.1.5.1-goodname.patch @@ -0,0 +1,118 @@ +diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c +--- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200 ++++ shadow-4.1.5.1/libmisc/chkname.c 2012-09-19 18:43:53.492160653 +0200 +@@ -49,20 +49,28 @@ + static bool is_valid_name (const char *name) + { + /* +- * User/group names must match [a-z_][a-z0-9_-]*[$] +- */ +- if (('\0' == *name) || +- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { ++ * User/group names must match gnu e-regex: ++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? ++ * ++ * as a non-POSIX, extension, allow "$" as the last char for ++ * sake of Samba 3.x "add machine script" ++ */ ++ if ( ('\0' == *name) || ++ !((*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') ++ )) { + return false; + } + + while ('\0' != *++name) { +- if (!(( ('a' <= *name) && ('z' >= *name) ) || +- ( ('0' <= *name) && ('9' >= *name) ) || +- ('_' == *name) || +- ('-' == *name) || +- ( ('$' == *name) && ('\0' == *(name + 1)) ) +- )) { ++ if (!( (*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') || (*name == '-') || ++ (*name == '$' && *(name + 1) == '\0') ++ )) { + return false; + } + } +diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml +--- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200 ++++ shadow-4.1.5.1/man/groupadd.8.xml 2012-09-19 18:43:53.492160653 +0200 +@@ -259,12 +259,6 @@ + + CAVEATS + +- Groupnames must start with a lower case letter or an underscore, +- followed by lower case letters, digits, underscores, or dashes. +- They can end with a dollar sign. +- In regular expression terms: [a-z_][a-z0-9_-]*[$]? +- +- + Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. + + +diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8 +--- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200 ++++ shadow-4.1.5.1/man/man8/groupadd.8 2012-09-19 18:44:42.175123079 +0200 +@@ -190,9 +190,7 @@ Shadow password suite configuration\&. + .RE + .SH "CAVEATS" + .PP +-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? +-.PP +-Groupnames may only be up to 16 characters long\&. ++Groupnames may only be up to 32 characters long\&. + .PP + You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. + .PP +diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8 +--- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200 ++++ shadow-4.1.5.1/man/man8/useradd.8 2012-09-19 18:46:09.249033949 +0200 +@@ -224,7 +224,7 @@ is not enabled, no home directories are + .PP + \fB\-M\fR + .RS 4 +-Do no create the user\*(Aqs home directory, even if the system wide setting from ++Do not create the user\*(Aqs home directory, even if the system wide setting from + /etc/login\&.defs + (\fBCREATE_HOME\fR) is set to + \fIyes\fR\&. +@@ -430,8 +430,6 @@ Similarly, if the username already exist + \fBuseradd\fR + will deny the user account creation request\&. + .PP +-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? +-.PP + Usernames may only be up to 32 characters long\&. + .SH "CONFIGURATION" + .PP +diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml +--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200 ++++ shadow-4.1.5.1/man/useradd.8.xml 2012-09-19 18:43:53.493160675 +0200 +@@ -366,7 +366,7 @@ + + + +- Do no create the user's home directory, even if the system ++ Do not create the user's home directory, even if the system + wide setting from /etc/login.defs + () is set to + yes. +@@ -654,12 +654,6 @@ + + + +- Usernames must start with a lower case letter or an underscore, +- followed by lower case letters, digits, underscores, or dashes. +- They can end with a dollar sign. +- In regular expression terms: [a-z_][a-z0-9_-]*[$]? +- +- + Usernames may only be up to 32 characters long. + + diff --git a/shadow-4.1.5.1-info-parent-dir.patch b/shadow-4.1.5.1-info-parent-dir.patch new file mode 100644 index 0000000..d2bc009 --- /dev/null +++ b/shadow-4.1.5.1-info-parent-dir.patch @@ -0,0 +1,32 @@ +diff -up shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir shadow-4.1.5.1/man/man8/newusers.8 +--- shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir 2012-05-25 13:59:09.000000000 +0200 ++++ shadow-4.1.5.1/man/man8/newusers.8 2012-09-19 18:47:17.203525237 +0200 +@@ -99,7 +99,7 @@ This field is copied in the GECOS field + .RS 4 + This field is used to define the home directory of the user\&. + .sp +-If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. ++If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&. + .sp + If the home directory of an existing user is changed, + \fBnewusers\fR +diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml +--- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200 ++++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200 +@@ -216,7 +216,15 @@ + + If this field does not specify an existing directory, the + specified directory is created, with ownership set to the +- user being created or updated and its primary group. ++ user being created or updated and its primary group. Note ++ that newusers does not create parent directories of the new ++ user's home directory. The newusers command will fail to ++ create the home directory if the parent directories do not ++ exist, and will send a message to stderr informing the user ++ of the failure. The newusers command will not halt or return ++ a failure to the calling shell if it fails to create the home ++ directory, it will continue to process the batch of new users ++ specified. + + + If the home directory of an existing user is changed, diff --git a/shadow-4.1.5.1-selinux.patch b/shadow-4.1.5.1-selinux.patch new file mode 100644 index 0000000..773fd60 --- /dev/null +++ b/shadow-4.1.5.1-selinux.patch @@ -0,0 +1,12 @@ +diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c +--- shadow-4.1.5.1/src/useradd.c.selinux 2012-09-19 18:28:37.662060468 +0200 ++++ shadow-4.1.5.1/src/useradd.c 2012-09-19 18:28:37.672060688 +0200 +@@ -2040,7 +2040,7 @@ int main (int argc, char **argv) + if (mflg) { + create_home (); + if (home_added) { +- copy_tree (def_template, user_home, false, false, ++ copy_tree (def_template, user_home, false, true, + (uid_t)-1, user_id, (gid_t)-1, user_gid); + } else { + fprintf (stderr, diff --git a/shadow-utils.spec b/shadow-utils.spec index 761ac88..96497bb 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,20 +1,20 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.1.5 -Release: 5%{?dist} +Version: 4.1.5.1 +Release: 1%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 +Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2.sig Source1: shadow-utils.login.defs Source2: shadow-utils.useradd Patch0: shadow-4.1.5-redhat.patch -Patch1: shadow-4.1.5-goodname.patch -Patch2: shadow-4.1.4.2-infoParentDir.patch +Patch1: shadow-4.1.5.1-goodname.patch +Patch2: shadow-4.1.5.1-info-parent-dir.patch Patch3: shadow-4.1.5-uflg.patch -Patch4: shadow-4.1.5-man.patch -Patch5: shadow-4.1.5-grremove.patch -Patch6: shadow-4.1.5-selinux.patch +Patch6: shadow-4.1.5.1-selinux.patch Patch7: shadow-4.1.5-2ndskip.patch +Patch8: shadow-4.1.5.1-backup-mode.patch License: BSD and GPLv2+ Group: System Environment/Base BuildRequires: libselinux-devel >= 1.25.2-1 @@ -45,13 +45,11 @@ are used for managing group accounts. %setup -q -n shadow-%{version} %patch0 -p1 -b .redhat %patch1 -p1 -b .goodname -%patch2 -p1 -b .infoParentDir +%patch2 -p1 -b .info-parent-dir %patch3 -p1 -b .uflg -%patch4 -p1 -b .man -%patch5 -p1 -b .grremove %patch6 -p1 -b .selinux %patch7 -p1 -b .2ndskip - +%patch8 -p1 -b .backup-mode iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -206,6 +204,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Sep 19 2012 Tomas Mraz - 2:4.1.5.1-1 +- new upstream version +- use the original file permissions when creating backup (#853102) + * Wed Jul 25 2012 Peter Vrabec - 2:4.1.5-5 - make /etc/default/useradd world-readable (#835137) diff --git a/sources b/sources index 0afb6c5..888eac7 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -d5f7a588fadb79faeb4b08b1eee82e9a shadow-4.1.5.tar.bz2 +a00449aa439c69287b6d472191dc2247 shadow-4.1.5.1.tar.bz2 +f16f31f6f5a607b1ffb1aa1aac4c37f2 shadow-4.1.5.1.tar.bz2.sig