From b8bc22b20d5d036cf1c5b6e9cd1dba0b676334e2 Mon Sep 17 00:00:00 2001
From: lvgenggeng
Date: Wed, 20 Sep 2023 14:40:03 +0800
Subject: [PATCH] fix: backport patches from upstream
Signed-off-by: lvgenggeng
---
 ...fix-segfault-in-command-line-options.patch | 36 +++++++++++++++++++
 shadow.spec | 6 +++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 backport-chgpasswd-fix-segfault-in-command-line-options.patch
diff --git a/backport-chgpasswd-fix-segfault-in-command-line-options.patch b/backport-chgpasswd-fix-segfault-in-command-line-options.patch
new file mode 100644
index 0000000..db47426
--- /dev/null
+++ b/backport-chgpasswd-fix-segfault-in-command-line-options.patch
@@ -0,0 +1,36 @@
+From 53a17c1742a4b5fcf9280fd6dd85fc77588535c2 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux
+Date: Wed, 21 Jun 2023 15:12:43 +0200
+Subject: [PATCH] chgpasswd: fix segfault in command-line options
+
+Using the --sha-rounds option without first giving a crypt method via the --crypt-method option results in comparisons with a NULL pointer and thus make chgpasswd segfault:
+
+$ chgpasswd -s 1
+zsh: segmentation fault chgpasswd -s 1
+
+Current patch add a sanity check before these comparisons to ensure there is a defined encryption method.
+---
+ src/chgpasswd.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/chgpasswd.c b/src/chgpasswd.c
+index fe4055d8..7b773e2f 100644
+--- a/src/chgpasswd.c
++++ b/src/chgpasswd.c
+@@ -186,6 +186,13 @@ static void process_flags (int argc, char **argv)
+ case 's':
+ sflg = true;
+ bad_s = 0;
++
++ if (!crypt_method) {
++ fprintf (stderr,
++ _("%s: no crypt method defined\n"),
++ Prog);
++ usage (E_USAGE);
++ }
+ #if defined(USE_SHA_CRYPT)
+ if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512")))
+ && (0 == getlong(optarg, &sha_rounds)))) {
+--
+2.20.1
+
diff --git a/shadow.spec b/shadow.spec
index 6bda4fe..e1a7176 100644
--- a/shadow.spec
+++ b/shadow.spec
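Review bot: The new `if (!crypt_method)` guard in `case 's'` runs while options are still being parsed, so it appears to make `-s` depend on `-c`/`--crypt-method` coming earlier on the command line. An invocation that names the method after `-s` would presumably be rejected with "no crypt method defined" even though one is supplied; the assignment of `crypt_method` is outside the hunk, so confirm this against `case 'c'`. The `strcmp (crypt_method, ...)` calls just below are only safe if `usage (E_USAGE)` never returns, which this hunk does not show. I would either move the NULL check and the rounds parsing to after the option loop, or at least document the ordering with `/* -s is checked against crypt_method here, so -c must precede it */` and a clearer message such as `_("%s: -s requires a preceding -c option\n")`. The body of `process_flags` starts and ends outside the hunk.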
@@ -1,6 +1,6 @@ Name: shadow Version: 4.13 -Release: 6 +Release: 7 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files @@ -31,6 +31,7 @@ Patch11: backport-commonio-free-removed-database-entries.patch Patch12: backport-semanage-disconnect-to-free-libsemanage-internals.patch Patch13: backport-run_parts-for-groupadd-and-groupdel.patch Patch14: shadow-Remove-encrypted-passwd-for-useradd-gr.patch +Patch15: backport-chgpasswd-fix-segfault-in-command-line-options.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -198,6 +199,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a} %{_mandir}/*/* %changelog +* Wed Sep 20 2023 lvgenggeng - 2:4.13-7 +- backport patches from upstream + * Fri Aug 11 2023 xiongshenglan - 2:4.13-6 - Remove encrypted passwd for useradd-groupadd-groupmod-usermod