!168 [openEuler-24.03-LTS] Backport patches from upstream
From: @yixiangzhike Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
commit
c253396220
38
backport-lib-encrypt.c-Do-not-exit-in-error-case.patch
Normal file
38
backport-lib-encrypt.c-Do-not-exit-in-error-case.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 6cbce81df97a16363c46cbd1e8202c3b4f0a2205 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Sun, 19 Jan 2025 21:23:54 +0100
|
||||
Subject: [PATCH] lib/encrypt.c: Do not exit in error case
|
||||
|
||||
If crypt fails, pw_encrypt calls exit. This has the consequence that the
|
||||
plaintext password is not cleared.
|
||||
|
||||
A valid password can fail if the underlying library does not support it.
|
||||
One such example is SHA512, for which the password must not be longer
|
||||
than 256 characters on musl. A password longer than this with glibc
|
||||
works, so it is actually possible that a user, running passwd, tries to
|
||||
enter the old password but the musl-based passwd binary simply exits.
|
||||
Let passwd clear the password before exiting.
|
||||
|
||||
Reviewed-by: Alejandro Colomar <alx@kernel.org>
|
||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
---
|
||||
lib/encrypt.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/encrypt.c b/lib/encrypt.c
|
||||
index c84a2552..9c1cb406 100644
|
||||
--- a/lib/encrypt.c
|
||||
+++ b/lib/encrypt.c
|
||||
@@ -65,7 +65,8 @@
|
||||
(void) fprintf (shadow_logfd,
|
||||
_("crypt method not supported by libcrypt? (%s)\n"),
|
||||
method);
|
||||
- exit (EXIT_FAILURE);
|
||||
+ errno = EINVAL;
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
if (strlen (cp) != 13) {
|
||||
--
|
||||
2.33.0
|
||||
|
||||
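Review bot: The new `errno = EINVAL; return NULL;` path in lib/encrypt.c only protects the plaintext if every caller of pw_encrypt checks for NULL and wipes its buffer before exiting, and this hunk cannot show that. Within this backport set only src/gpasswd.c is adjusted, while the commit message names passwd, so the remaining callers in the 4.14.3 tree should be checked for a NULL test ahead of any use of the result. A comment above the two added lines would record the contract, for example `/* Return NULL with errno set; the caller wipes the plaintext and exits. */`. The enclosing function starts and ends outside the hunk.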
35
backport-src-gpasswd-Clear-password-in-more-cases.patch
Normal file
35
backport-src-gpasswd-Clear-password-in-more-cases.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 6b4bbbeecd676c9423f82658bb3a8f6990218e8d Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Sun, 19 Jan 2025 21:27:50 +0100
|
||||
Subject: [PATCH] src/gpasswd: Clear password in more cases
|
||||
|
||||
If encryption of password fails, clear the memory before exiting.
|
||||
|
||||
Reviewed-by: Alejandro Colomar <alx@kernel.org>
|
||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
---
|
||||
src/gpasswd.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/gpasswd.c b/src/gpasswd.c
|
||||
index 560b0ea7..e9e111a9 100644
|
||||
--- a/src/gpasswd.c
|
||||
+++ b/src/gpasswd.c
|
||||
@@ -864,13 +864,13 @@ static void change_passwd (struct group *gr)
|
||||
|
||||
salt = crypt_make_salt (NULL, NULL);
|
||||
cp = pw_encrypt (pass, salt);
|
||||
+ memzero (pass, sizeof pass);
|
||||
if (NULL == cp) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to crypt password with salt '%s': %s\n"),
|
||||
Prog, salt, strerror (errno));
|
||||
exit (1);
|
||||
}
|
||||
- memzero (pass, sizeof pass);
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadowgrp) {
|
||||
gr->gr_passwd = SHADOW_PASSWD_STRING;
|
||||
--
|
||||
2.33.0
|
||||
|
||||
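Review bot: Moving `memzero (pass, sizeof pass);` ahead of the `NULL == cp` check means `pass` is never read again on the `exit (1)` path, so the wipe is a dead store there and is effective only if memzero is a non-elidable primitive. Its definition is not visible in this hunk; if it reduces to a plain memset the compiler may drop it, so it should be confirmed to map to explicit_bzero or an equivalent barrier in this tree. The call also now sits between pw_encrypt and `strerror (errno)`; that is presumably harmless, but saving errno first (`int e = errno;` straight after the pw_encrypt call) would make the message independent of it. change_passwd continues outside the hunk.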
32
backport-src-useradd.c-get_groups-Fix-memory-leak.patch
Normal file
32
backport-src-useradd.c-get_groups-Fix-memory-leak.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From feead2f639506d49cef9dde385eb56cd3413ecf0 Mon Sep 17 00:00:00 2001
|
||||
From: sgakerru <sulmpx60@yandex.ru>
|
||||
Date: Sat, 19 Oct 2024 13:26:44 +0400
|
||||
Subject: [PATCH] src/useradd.c: get_groups(): Fix memory leak
|
||||
|
||||
---
|
||||
src/useradd.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index 64e7a412..bd3b0624 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -760,6 +760,15 @@ static int get_groups (char *list)
|
||||
int errors = 0;
|
||||
int ngroups = 0;
|
||||
|
||||
+ /*
|
||||
+ * Free previous group list before creating a new one.
|
||||
+ */
|
||||
+ int i = 0;
|
||||
+ while (NULL != user_groups[i]) {
|
||||
+ free(user_groups[i]);
|
||||
+ user_groups[i++] = NULL;
|
||||
+ }
|
||||
+
|
||||
if ('\0' == *list) {
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
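Review bot: The added `while (NULL != user_groups[i])` loop in get_groups has no upper bound and stops only at a NULL entry, so it depends on user_groups being NULL-terminated on every call, including the first one. The allocation and capacity of user_groups are outside the hunk; if a full array can lack the terminator, the loop reads and frees past the end, so bounding it by the array's capacity would be safer. It also assumes every stored entry is heap-allocated and owned by this array, which deserves a line in the comment, e.g. `/* Entries are owned copies; user_groups is NULL-terminated. */`. get_groups continues beyond the hunk.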
@ -1,6 +1,6 @@
|
||||
Name: shadow
|
||||
Version: 4.14.3
|
||||
Release: 6
|
||||
Release: 7
|
||||
Epoch: 2
|
||||
License: BSD and GPLv2+
|
||||
Summary: Tools for managing accounts and shadow password files
|
||||
@ -24,6 +24,9 @@ Patch4: backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch
|
||||
Patch5: backport-man-lastlog-remove-wrong-use-of-keyword-term.patch
|
||||
Patch6: backport-lib-csrand.c-Fix-the-lower-part-of-the-domain-of-csr.patch
|
||||
Patch7: limit-username-length-to-32.patch
|
||||
Patch8: backport-src-useradd.c-get_groups-Fix-memory-leak.patch
|
||||
Patch9: backport-src-gpasswd-Clear-password-in-more-cases.patch
|
||||
Patch10: backport-lib-encrypt.c-Do-not-exit-in-error-case.patch
|
||||
|
||||
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
|
||||
BuildRequires: libacl-devel, libattr-devel
|
||||
@ -193,6 +196,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a}
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Tue Mar 11 2025 yixiangzhike <yixiangzhike007@163.com> - 2:4.14.3-7
|
||||
- backport patches from upstream
|
||||
|
||||
* Sat Feb 8 2025 hugel <gengqihu2@h-partners.com> - 2:4.14.3-6
|
||||
- limit username length to 32
|
||||
|
||||
|
||||