From patchwork Wed Sep 20 17:58:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7229 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4RrR9K6LrYz3ws3 for ; Wed, 20 Sep 2023 17:58:45 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4RrR9G5gDLz26f; Wed, 20 Sep 2023 17:58:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4RrR9G36G3z306n; Wed, 20 Sep 2023 17:58:42 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4RrR9F0nN9z2xLQ for ; Wed, 20 Sep 2023 17:58:41 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4RrR9D1GlVzKl; Wed, 20 Sep 2023 17:58:40 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1695232720; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6+R+FhPo4HsGr6b8Gk26TmJgfByxi3ZoP6Bi8kPjzIo=; b=vKt4u0MXsuwdLbLeM72Rxphx+cQYWGKH+4vbXHb8XNVfG/zwvLRlMslWzJzYwxV2V2rnqU vsvahlSzZ5GqGUDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1695232720; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6+R+FhPo4HsGr6b8Gk26TmJgfByxi3ZoP6Bi8kPjzIo=; b=JDkf6l/qBMIcujKoskvD/6g8e3xTSCZZavUlpsQZ51IB2mAQyqh56lqtgPmZsCytYSDEFq zd14v5zclI1E0PohIp6BUbAOhl6jb1j2VH55Xr2bvF8/snylJnS5G7y0Y4HaSb4ughfq7O uTGmyV06mWyQNRXIUklVajeIMGWzkSx8DfmO7II/l10rHCmofjkrB6H12bZrpLKmn8e+UW z1TyBkP04A5an+jg6JsUkgpECJ16Ob4LScYOVSIeiPWVwwaOqneAC0pznb4MHpSHsPYaCh O3QLkgkxtTq3yThTEbDsfidv0lAebRH6ENlM61H3BYRfSuUuO32MWB71jQFZ9g== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] shadow-utils: Update to version 4.14.0-1 Date: Wed, 20 Sep 2023 19:58:37 +0200 Message-ID: <20230920175837.119284-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - IPFire-3.x - Update from version 4.13-2 to 4.14.0-1 - The build now has --with-libbsd as default yes so --without-libbsd has been added so that it uses its own readpassphrase code as previously. - Changelog 4.14.0 This release includes some steps toward preparing for the Y2038 (e.g. removing lastlog conditionally), a great deal of removal of obsolete function checks (like rmdir), and overhaul of some string manipulation functions, of which there is more to come. And a great deal more. The abbreviated git log follows: Serge Hallyn: configure.ac: check for strlcpy Michael Vetter: Remove intree website Serge Hallyn: 4.14.0-rc4 pre-release Serge Hallyn: Releases: add etc/shadow-maint to distfiles Serge Hallyn: 4.14.0-rc3 Iker Pedrosa: libmisc: include freezero Iker Pedrosa: libmisc: add freezero source code Iker Pedrosa: libmisc: add readpassphrase source code Iker Pedrosa: configure: add with-libbsd option Iker Pedrosa: man: include shadow-man.xsl in tarball Iker Pedrosa: man: include its.rules in tarball Iker Pedrosa: autogen: enable lastlog build Christian Göttsche: Add wrapper for write(2) Serge Hallyn: tag 4.14.0-rc2 Michael Vetter: Add new files to libmisc_la_SOURCES Serge Hallyn: Add a make dist CI test Serge Hallyn: 4.14.0-rc1 Serge Hallyn: remove xmalloc.c from POTFILES.in Iker Pedrosa: logoutd: add missing include Iker Pedrosa: CI: compile old utmp interface in Fedora Iker Pedrosa: src: add SELINUX library Iker Pedrosa: libmisc: conditionally compile utmp.c and logind.c Iker Pedrosa: lib: replace USER_NAME_MAX_LENGTH macro Iker Pedrosa: libmisc: call active_sessions_count() Iker Pedrosa: libmisc: implement active_sessions_count() Iker Pedrosa: utmp: update update_utmp() Iker Pedrosa: utmp: move update_utmp Iker Pedrosa: utmp: move failtmp() Iker Pedrosa: libmisc: implement get_session_host() Iker Pedrosa: configure: new option enable-logind xiongshenglan: shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh Michael Vetter: chsh: warn if root sets a shell not listed in /etc/shells Michael Vetter: doc: mention ci workflow file to learn about deps Serge Hallyn: man/po/Makefile: add a comment to shadow-man-pages.pot Vegard Nossum: newgrp: fix potential string injection Todd Zullinger: lastlog: fix alignment of Latest header Iker Pedrosa: configure: fix lastlog check Alan D. Salewski: subuid.5: reference newusers(8) rather than newusers(1) Iker Pedrosa: CI: build lastlog in Fedora Iker Pedrosa: man: conditionally build lastlog documentation Iker Pedrosa: usermod: conditionally build lastlog functionality Iker Pedrosa: useradd: conditionally build lastlog functionality Iker Pedrosa: login: conditionally build lastlog functionality Iker Pedrosa: lastlog: stop building by default Iker Pedrosa: CI: update debian repos Bernd Kuhls: Fix yescrypt support Jeffrey Bencteux: chgpasswd: fix segfault in command-line options Alejandro Colomar: gpasswd(1): Fix password leak Alejandro Colomar: src/useradd.c: create_mail(): Cosmetic Alejandro Colomar: src/useradd.c: create_home(): Cosmetic Alejandro Colomar: src/useradd.c: create_home(): Cosmetic Alejandro Colomar: src/useradd.c: create_home(): Cosmetic Alejandro Colomar: src/useradd.c: close_group_files(): Cosmetic Alejandro Colomar: src/useradd.c: check_uid_range(): Cosmetic Jaroslav Jindrak: build: link passwd, chpasswd and chage against libdl Jaroslav Jindrak: configure: check whether fgetpwent_r is available before marking xprefix_getpwnam_r as reentrant Jaroslav Jindrak: passwd: fall back to non-PAM code when prefix is used Jaroslav Jindrak: chpasswd: fall back to non-PAM code when prefix is used Jaroslav Jindrak: chpasswd: add --prefix/-P options Jaroslav Jindrak: chage: add --prefix/-P options Jaroslav Jindrak: passwd: Respect --prefix/-P options Michael Vetter: prefix: add prefix support Iker Pedrosa: strtoday: remove unnecessary cast Alejandro Colomar: Use temporary variable Alejandro Colomar: realloc(NULL, ...) is equivalent to malloc(...) Alejandro Colomar: Simplify allocation APIs Christian Göttsche: Drop alloca(3) Christian Göttsche: usermod: fix off-by-one issues Alejandro Colomar: libmisc/csrand.c: Update comments Alejandro Colomar: lib/nss.c: Fix use of invalid p Alejandro Colomar: lib/nss.c: Fix use of uninitialized p Alejandro Colomar: Centralize error handling Alejandro Colomar: Second verse, it gets worse; it gets no better than this Alejandro Colomar: ROFL: Rolling on the floor looping Alejandro Colomar: This ain't no loop Iker Pedrosa: newusers: Improve error message Martin Kletzander: ch(g)passwd: Check selinux permissions upon startup Skyler Ferrante: Check if crypt_method null before dereferencing Alejandro Colomar: xgetXXbyYY: Simplify elifs Alejandro Colomar: xgetXXbyYY: Centralize error handling Alejandro Colomar: xgetXXbyYY: tfix Samanta Navarro: xgetXXbyYY: Avoid duplicated error handling block Samanta Navarro: xgetXXbyYY: Handle DUP_FUNCTION failure Serge Hallyn: sub_[ug]id_{add,remove}: fix return values Martin Kletzander: usermod: Small optimization using memmove for password unlock Alejandro Colomar: Reorder logic to improve comprehensibility Alejandro Colomar: newusers: Fail early Alejandro Colomar: newusers: Add missing error handling Samanta Navarro: libmisc: Use safer chroot/chdir sequence Samanta Navarro: su: Prevent stack overflow in check_perms Samanta Navarro: subsystem: Prevent endless loop Serge Hallyn: def_load: avoid NULL deref Serge Hallyn: def_load: split the econf from non-econf definition Tobias Stoeckmann: Plug econf memory leaks Samanta Navarro: chsh: Verify that login shell path is absolute Samanta Navarro: process_prefix_flag: Drop privileges bubu: Update French translations Samanta Navarro: get_pid.c: Use tighter validation checks Markus Hiereth: replace inadequate German translation of login error message Markus Hiereth: Update German translations Samanta Navarro: Remove some static char arrays Samanta Navarro: commonio: Use do_lock_file again Serge Hallyn: Fix broken docbook translations ed neville: open with O_CREAT when lock path does not exist Samanta Navarro: commonio_open: Remove fcntl call Samanta Navarro: commonio_lock_nowait: Remove deprecated code Samanta Navarro: login_prompt: Simplify login_prompt API Samanta Navarro: login_prompt: Use _exit in signal handler Samanta Navarro: login_prompt: Do not parse environment variables Samanta Navarro: libmisc/yesno.c: Fix regression Alejandro Colomar: libmisc, man: Drop old check and advice for complex character sets in passwords Christian Göttsche: semanage: disconnect to free libsemanage internals Christian Göttsche: commonio: free removed database entries ed neville: run_parts for groupadd and groupdel lilinjie: fix typos Alejandro Colomar: libmisc/yesno.c: Use getline(3) and rpmatch(3) Samanta Navarro: newgrp/useradd: always set SIGCHLD to default Serge Hallyn: Update AUTHORS to add Marek Michałkiewicz Samanta Navarro: Read whole line in yes_or_no Christian Göttsche: useradd/usermod: add --selinux-range argument Alejandro Colomar: CI: Make build logs more readable Iker Pedrosa: ci: remove explicit fedora dependencies Iker Pedrosa: README: add reference to contribution guidelines Iker Pedrosa: doc: add contributions introduction Iker Pedrosa: doc: add license Iker Pedrosa: doc: add releases Iker Pedrosa: doc: add Continuous Integration Iker Pedrosa: doc: add tests Iker Pedrosa: doc: add coding style Iker Pedrosa: doc: add build & install Serge Hallyn: trivial: vipw.8: fix grammar Christian Göttsche: sssd: skip flushing if executable does not exist Christian Göttsche: Overhaul valid_field() Martin Kletzander: semanage: Do not set default SELinux range Michael Vetter: Fix typo in groupadd usage Christian Göttsche: ci: update Differential ShellCheck tomspiderlabs: Added control character check Mike Gilbert: usermod: respect --prefix for --gid option Alejandro Colomar: Fix su(1) silent truncation Alejandro Colomar: Simplify is_my_tty() Alejandro Colomar: Fix is_my_tty() buffer overrun Alejandro Colomar: Add STRLEN(): a constexpr strlen(3) for string literals Alejandro Colomar: Fix crash with large timestamps Paul Eggert: Prefer strcpy(3) to strlcpy(3) when either works Paul Eggert: Fix change_field() buffer underrun Paul Eggert: Omit unneeded test in change_field() Paul Eggert: Simplify change_field() by using strcpy skyler-ferrante: Fix null dereference in basename Iker Pedrosa: CI: script for local container build Iker Pedrosa: CI: build project in containers Iker Pedrosa: container: add fedora Iker Pedrosa: container: add debian Iker Pedrosa: container: add alpine Iker Pedrosa: SECURITY.md: add Iker Pedrosa Christian Göttsche: selinux: use type safe function pointer assignment Christian Göttsche: Use strict prototype in definition Vinícius dos Santos Oliveira: Add .editorconfig Serge Hallyn: run_some: fix shellcheck warning Serge Hallyn: fail on any run_some test failure Serge Hallyn: ignore first test in run_some Serge Hallyn: swap first two tests - does the first one still fail? Serge Hallyn: tests: remove some github runner PATH tweaking Alejandro Colomar: tests: Support git-worktree(1) Serge Hallyn: tests: newuidmap and newgidmap: update expected fail message Serge Hallyn: libsubid: include alloc.h Serge Hallyn: run_some: log stderr Vinícius dos Santos Oliveira: Validate fds created by the user Serge Hallyn: get_pidfd_from_fd: return -1 on error, not 0 Serge Hallyn: g-h-a workflow: workaround Serge Hallyn: Fix regression in some translation strings Iker Pedrosa: lib: bit_ceil_wrapul(): stop recursion Iker Pedrosa: lib: define ULONG_WIDTH if non-existent maqi: Update translation Serge Hallyn: newuidmap and newgidmap: support passing pid as fd Alejandro Colomar: Fix use-after-free of pointer after realloc(3) Alejandro Colomar: Use safer allocation macros Alejandro Colomar: libmisc: Add safer allocation macros Alejandro Colomar: Use xreallocarray() instead of its pattern Alejandro Colomar: Use reallocarrayf() instead of its pattern Signed-off-by: Adolf Belka --- shadow-utils/shadow-utils.nm | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/shadow-utils/shadow-utils.nm b/shadow-utils/shadow-utils.nm index fcc4fd5fd..a16b88a2c 100644 --- a/shadow-utils/shadow-utils.nm +++ b/shadow-utils/shadow-utils.nm @@ -4,8 +4,8 @@ ############################################################################### name = shadow-utils -version = 4.13 -release = 2 +version = 4.14.0 +release = 1 thisapp = shadow-%{version} groups = System/Base @@ -52,7 +52,8 @@ build --without-audit \ --without-selinux \ --without-su \ - --with-fcaps + --with-fcaps \ + --without-libbsd install_cmds rm -vf \