Hello community,
here is the log from the commit of package coreutils.1252 for openSUSE:12.1:Update checked in at 2013-02-04 13:53:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/coreutils.1252 (Old)
and /work/SRC/openSUSE:12.1:Update/.coreutils.1252.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "coreutils.1252", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-01-09 19:40:42.352580873 +0100
+++ /work/SRC/openSUSE:12.1:Update/.coreutils.1252.new/coreutils.changes 2013-02-04 13:53:49.000000000 +0100
@@ -0,0 +1,2008 @@
+-------------------------------------------------------------------
+Wed Jan 23 12:26:20 UTC 2013 - mail@bernhard-voelker.de
+
+- Avoid segmentation fault in "join -i" with long line input
+ (bnc#798541, VUL-1, CVE-2013-0223)
+
+- Avoid segmentation fault in "uniq" with long line input
+ (bnc#796243, VUL-1, CVE-2013-0222)
+
+- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
+ (bnc#798538, VUL-1, CVE-2013-0221)
+
+-------------------------------------------------------------------
+Mon Nov 26 13:27:07 CET 2012 - pth@suse.de
+
+- Set permissions on /bin/su, not the non-existant /usr/bin/su
+ (bnc#791026).
+
+-------------------------------------------------------------------
+Tue Nov 6 23:33:47 UTC 2012 - mail@bernhard-voelker.de
+
+- Add coreutils-cp-corrupt-fragmented-sparse.patch from upstream:
+
+ * cp could read from freed memory and could even make corrupt copies.
+ This could happen with a very fragmented and sparse input file,
+ on GNU/Linux file systems supporting fiemap extent scanning.
+ This bug also affects mv when it resorts to copying, and install.
+ [bug introduced in coreutils-8.11]
+ (bnc#788459, gnu#12656)
+
+-------------------------------------------------------------------
+Fri Sep 21 09:35:45 UTC 2012 - froh@suse.com
+
+- fix coreutils-8.9-singlethreaded-sort.patch to honor
+ OMP_NUM_THREADS again. (bnc#781992)
+
+-------------------------------------------------------------------
+Fri Apr 27 12:54:33 CEST 2012 - pth@suse.de
+
+- Make stdbuf binary find libstdbuf.so by looking in the right
+ path (bnc#741241).
+
+-------------------------------------------------------------------
+Tue Mar 27 02:47:16 CEST 2012 - pth@suse.de
+
+- Add support for environment variable SU_C_SAME_SESSION
+ that makes -c behave like -C and document it in
+ coreutils.info and su(1) (bnc#697897).
+
+-------------------------------------------------------------------
+Mon Oct 17 15:25:21 CEST 2011 - pth@suse.de
+
+- Add upstream patch that fixes three bugs in tac:
+ - remove sole use of sprintf in favor of stpcpy
+ - don't misbehave with multiple non-seekable inputs
+ - don't leak a file descriptor for each non-seekable input
+
+-------------------------------------------------------------------
+Fri Oct 14 16:51:48 CEST 2011 - pth@suse.de
+
+- Uniformly use german quotes not french ones in german messages.
+
+-------------------------------------------------------------------
+Thu Oct 13 16:07:16 CEST 2011 - pth@suse.de
+
+- Update to 8.14. Changes since 8.12:
+ Bug fixes:
+
+ - ls --dereference no longer outputs erroneous "argetm" strings for
+ dangling symlinks when an 'ln=target' entry is in $LS_COLORS.
+ [bug introduced in fileutils-4.0]
+
+ - ls -lL symlink once again properly prints "+" when the referent has
+ an ACL. [bug introduced in coreutils-8.13]
+
+ - sort -g no longer infloops for certain inputs containing NaNs [bug
+ introduced in coreutils-8.5]
+
+ - chown and chgrp with the -v --from= options, now output the correct
+ owner. I.E. for skipped files, the original ownership is output,
+ not the new one. [bug introduced in sh-utils-2.0g]
+
+ - cp -r could mistakenly change the permissions of an existing
+ destination directory. [bug introduced in coreutils-6.8]
+
+ - cp -u -p would fail to preserve one hard link for each up-to-date
+ copy of a src-hard-linked name in the destination tree. I.e., if
+ s/a and s/b are hard-linked and dst/s/a is up to date, "cp -up s
+ dst" would copy s/b to dst/s/b rather than simply linking dst/s/b
+ to dst/s/a. [This bug appears to have been present in "the
+ beginning".]
+
+ - fts-using tools (rm, du, chmod, chgrp, chown, chcon) no longer use
+ memory proportional to the number of entries in each directory they
+ process. Before, rm -rf 4-million-entry-directory would consume
+ about 1GiB of memory. Now, it uses less than 30MB, no matter how
+ many entries there are. [this bug was inherent in the use of fts:
+ thus, for rm the bug was introduced in coreutils-8.0. The prior
+ implementation of rm did not use as much memory. du, chmod, chgrp
+ and chown started using fts in 6.0. chcon was added in
+ coreutils-6.9.91 with fts support. ]
+
+ - pr -T no longer ignores a specified LAST_PAGE to stop at. [bug
+ introduced in textutils-1.19q]
+
+ - printf '%d' '"' no longer accesses out-of-bounds memory in the
+ diagnostic. [bug introduced in sh-utils-1.16]
+
+ - split --number l/... no longer creates extraneous files in certain
+ cases. [bug introduced in coreutils-8.8]
+
+ - timeout now sends signals to commands that create their own process
+ group. timeout is no longer confused when starting off with a
+ child process. [bugs introduced in coreutils-7.0]
+
+ - unexpand -a now aligns correctly when there are spaces spanning a
+ tabstop, followed by a tab. In that case a space was dropped,
+ causing misalignment. We also now ensure that a space never
+ precedes a tab. [bug introduced in coreutils-5.3.0]
+
+ New features:
+
+ - date now accepts ISO 8601 date-time strings with "T" as the
+ separator. It has long parsed dates like "2004-02-29 16:21:42"
+ with a space between the date and time strings. Now it also parses
+ "2004-02-29T16:21:42" and fractional-second and time-zone-annotated
+ variants like "2004-02-29T16:21:42.333-07:00"
+ - md5sum accepts the new --strict option. With --check, it makes the
+ tool exit non-zero for any invalid input line, rather than just warning.
+ This also affects sha1sum, sha224sum, sha384sum and sha512sum.
+
+ - split accepts a new --filter=CMD option. With it, split filters
+ output through CMD. CMD may use the $FILE environment variable,
+ which is set to the nominal output file name for each invocation of
+ CMD. For example, to split a file into 3 approximately equal
+ parts, which are then compressed:
+
+ split -n3 --filter='xz > $FILE.xz' big
+
+ Note the use of single quotes, not double quotes. That creates
+ files named xaa.xz, xab.xz and xac.xz.
+
+ - timeout accepts a new --foreground option, to support commands not
+ started directly from a shell prompt, where the command is
+ interactive or needs to receive signals initiated from the
+ terminal.
+
+ Improvements:
+
+ - md5sum --check now supports the -r format from the corresponding
+ BSD tool. This also affects sha1sum, sha224sum, sha384sum and
+ sha512sum.
+
+ - pwd now works also on systems without openat. On such systems, pwd
+ would fail when run from a directory whose absolute name contained
+ more than PATH_MAX / 3 components. The df, stat and readlink
+ programs are also affected due to their use of the canonicalize_*
+ functions.
+
+ - join --check-order now prints "join: FILE:LINE_NUMBER: bad_line"
+ for an unsorted input, rather than e.g., "join: file 1 is not in
+ sorted order".
+
+ - shuf outputs small subsets of large permutations much more
+ efficiently. For example `shuf -i1-$((2**32-1)) -n2` no longer
+ exhausts memory.
+
+ - stat -f now recognizes the GPFS, MQUEUE and PSTOREFS file system
+ types.
+
+ - timeout now supports sub-second timeouts.
+
+ Changes in behavior:
+
+ - chmod, chown and chgrp now output the original attributes in
+ messages, when -v or -c specified.
+
+ - cp -au (where --preserve=links is implicit) may now replace newer
+ files in the destination, to mirror hard links from the source.
+
+-------------------------------------------------------------------
+Sat Sep 17 23:29:33 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+-------------------------------------------------------------------
+Tue Aug 2 00:26:05 UTC 2011 - lchiquitto@suse.com
+
+- file-has-acl: use acl_extended_file_nofollow if available to
+ avoid triggering unwanted AutoFS mounts (bnc#701659).
+
+-------------------------------------------------------------------
+Tue May 3 16:42:41 CEST 2011 - pth@suse.de
+
+- Remove services.
+
+-------------------------------------------------------------------
++++ 1811 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.1:Update/.coreutils.1252.new/coreutils.changes
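Review bot: the Jan 23 2013 entry at the top of coreutils.changes lists the three segfault fixes with their bnc and CVE references but, unlike the Nov 6 2012 entry ("Add coreutils-cp-corrupt-fragmented-sparse.patch from upstream"), does not name the patch file that carries them. If these are the changes in coreutils-i18n-no-alloca.patch (Patch38 in the spec, "avoid crashes due to alloca() in SUSE's i18n patch"), name that file in the entry so each CVE reference can be traced to a file in the package.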
New:
----
baselibs.conf
coreutils-8.14.de.po.xz
coreutils-8.14.tar.xz
coreutils-8.6-compile-su-with-fpie.diff
coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff
coreutils-8.6-i18n.patch
coreutils-8.6-log-all-su-attempts.diff
coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
coreutils-8.6-pam-support-for-su.diff
coreutils-8.6-set-sane-default-path.diff
coreutils-8.6-update-man-page-for-pam.diff
coreutils-8.9-singlethreaded-sort.patch
coreutils-acl-nofollow.patch
coreutils-bnc#697897-setsid.patch
coreutils-cp-corrupt-fragmented-sparse.patch
coreutils-fix_tac.patch
coreutils-getaddrinfo.patch
coreutils-gl_printf_safe.patch
coreutils-i18n-infloop.patch
coreutils-i18n-no-alloca.patch
coreutils-i18n-uninit.patch
coreutils-invalid-ids.patch
coreutils-misc.patch
coreutils-ptr_int_casts.patch
coreutils-remove_hostname_documentation.patch
coreutils-sysinfo.patch
coreutils.changes
coreutils.spec
su.default
su.pamd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ coreutils.spec ++++++
#
# spec file for package coreutils
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: coreutils
Summary: GNU Core Utilities
License: GFDL-1.2 and GPL-2.0+ and GPL-3.0+
Group: System/Base
BuildRequires: help2man
BuildRequires: libacl-devel
BuildRequires: libcap-devel
BuildRequires: libselinux-devel
BuildRequires: pam-devel
BuildRequires: xz
Url: http://www.gnu.org/software/coreutils/
Version: 8.14
Release: 0
Provides: fileutils = %{version}
Provides: mktemp = %{version}
Provides: sh-utils = %{version}
Provides: stat = %{version}
Provides: textutils = %{version}
Obsoletes: fileutils < %{version}
Obsoletes: libselinux <= 1.23.11-3
Obsoletes: libselinux-32bit = 9
Obsoletes: libselinux-64bit = 9
Obsoletes: libselinux-x86 = 9
Obsoletes: mktemp < %{version}
Obsoletes: sh-utils < %{version}
Obsoletes: stat < %version}
Obsoletes: textutils < %{version}
PreReq: %{install_info_prereq}
Recommends: %{name}-lang = %version
Requires: pam >= 1.1.1.90
Source: coreutils-%{version}.tar.xz
Source1: su.pamd
Source2: su.default
Source3: baselibs.conf
Source4: coreutils-8.14.de.po.xz
Patch0: coreutils-misc.patch
Patch1: coreutils-remove_hostname_documentation.patch
Patch2: coreutils-gl_printf_safe.patch
Patch4: coreutils-8.6-i18n.patch
Patch5: coreutils-i18n-uninit.patch
Patch6: coreutils-i18n-infloop.patch
Patch8: coreutils-sysinfo.patch
Patch16: coreutils-invalid-ids.patch
Patch20: coreutils-8.6-pam-support-for-su.diff
Patch21: coreutils-8.6-update-man-page-for-pam.diff
Patch22: coreutils-8.6-log-all-su-attempts.diff
Patch23: coreutils-8.6-set-sane-default-path.diff
Patch24: coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff
Patch25: coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
#
Patch30: coreutils-8.6-compile-su-with-fpie.diff
Patch31: coreutils-getaddrinfo.patch
Patch32: coreutils-ptr_int_casts.patch
Patch33: coreutils-8.9-singlethreaded-sort.patch
Patch34: coreutils-bnc#697897-setsid.patch
Patch35: coreutils-acl-nofollow.patch
Patch36: coreutils-fix_tac.patch
#PATCH-FIX-UPSTREAM will be included in 8.20 [bnc#788459, bnc#788461]
Patch37: coreutils-cp-corrupt-fragmented-sparse.patch
#PATCH-FIX-SUSE avoid crashes due to alloca() in SUSE's i18n patch.
Patch38: coreutils-i18n-no-alloca.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# this will create a cycle, broken up randomly - coreutils is just too core to have other
# prerequires
#PreReq: permissions
%description
Basic file, shell, and text manipulation utilities. The package
contains the following programs:
[ arch base64 basename cat chcon chgrp chmod chown chroot cksum comm cp
csplit cut date dd df dir dircolors dirname du echo env expand expr
factor false fmt fold groups head id install join kill link ln logname
ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup od paste pathchk
pinky pr printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum
sha224sum sha256sum sha384sum sha512sum shred shuf sleep sort split
stat stty su sum sync tac tail tee test timeout touch tr true tsort tty
uname unexpand uniq unlink uptime users vdir wc who whoami yes
%lang_package
%prep
%setup -q
%patch4
%patch5
%patch6
%patch0
%patch1
%patch2
%patch8
%patch16
%patch20
%patch21
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
#
%patch30 -p1
%patch31
%patch32
%patch33
%patch34
%patch35
%patch36
%patch37
%patch38
xz -dc %{S:4} >po/de.po
%build
AUTOPOINT=true autoreconf -fi
export CFLAGS="%optflags -Wall"
%configure --libexecdir=%{_libdir} \
--without-included-regex \
--enable-install-program=arch,su \
gl_cv_func_printf_directive_n=yes \
gl_cv_func_isnanl_works=yes \
DEFAULT_POSIX2_VERSION=199209
make -C po update-po
make %{?_smp_mflags} V=1
%install
%makeinstall pkglibexecdir=%{_libdir}/%{name}
test -f %{buildroot}%{_bindir}/su || \
install src/su %{buildroot}%{_bindir}/su
install -d %{buildroot}/bin
for i in arch basename cat chgrp chmod chown cp date dd df echo false kill ln ls mkdir mknod mktemp mv pwd rm rmdir sleep sort stat stty su sync touch true uname readlink md5sum
do
mv %{buildroot}%{_bindir}/$i %{buildroot}/bin/$i
test $i = su && echo -n '%%attr(4755,root,root) '
echo /bin/$i
done > bin.files
ln -sf ../../bin/{basename,sort,stat,touch,readlink,md5sum} %{buildroot}%{_bindir}
install -d -m 755 %{buildroot}/etc/pam.d
install -m 644 %{S:1} %{buildroot}/etc/pam.d/su
install -m 644 %{S:1} %{buildroot}/etc/pam.d/su-l
install -d -m 755 %{buildroot}/etc/default
install -m 644 %{S:2} %{buildroot}/etc/default/su
echo '.so man1/test.1' > %{buildroot}/%{_mandir}/man1/\[.1
%find_lang %name
%post
%install_info --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz
# may fail if permissions is not there, but there is no way around that
%set_permissions /bin/su
%postun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz
%verifyscript
%verify_permissions -e /bin/su
%files -f bin.files
%defattr(-,root,root)
%doc README NEWS
%config %{_sysconfdir}/pam.d/su
%config %{_sysconfdir}/pam.d/su-l
%config(noreplace) %{_sysconfdir}/default/su
%{_bindir}/*
%{_libdir}/%{name}
%doc %{_infodir}/coreutils.info*.gz
%doc %{_mandir}/man1/*.1.gz
%dir %{_prefix}/share/locale/*/LC_TIME
%files lang -f %name.lang
%defattr(-,root,root)
%changelog
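Review bot: the line "Obsoletes: stat < %version}" in the spec preamble has an unbalanced brace, so the macro expands with a stray "}" appended to the version and the comparison no longer matches the "Provides: stat = %{version}" line above it. Write it as "%{version}" like the neighbouring Obsoletes lines. Separately, the comment on Patch37 cites bnc#788459 and bnc#788461, while the matching changelog entry cites only bnc#788459; make the two agree.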
++++++ baselibs.conf ++++++
targettype x86 package coreutils
+^/bin/uname$
prereq -glibc-x86
++++++ coreutils-8.6-compile-su-with-fpie.diff ++++++
From d1a49cccf99373293a88f5bce74857d5bb813e46 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Tue, 17 Aug 2010 09:21:22 +0200
Subject: [PATCH 7/7] compile su with -fpie
---
lib/Makefile.am | 2 +-
src/Makefile.am | 5 +++++
2 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/lib/Makefile.am b/lib/Makefile.am
index b4a591b..059928e 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -17,7 +17,7 @@
include gnulib.mk
-AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS)
+AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS) -fpie
libcoreutils_a_SOURCES += \
buffer-lcm.c buffer-lcm.h
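Review bot: the "-fpie" appended to AM_CFLAGS in lib/Makefile.am applies to every object in libcoreutils.a, not just to what su links, while the subject line says only "compile su with -fpie". State in the commit message that the whole library is now built position-independent and why (the PIE executables need position-independent objects from it), so the wider scope is not mistaken for an accident.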
diff --git a/src/Makefile.am b/src/Makefile.am
index 484f6c2..17600af 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -355,6 +355,11 @@ uptime_LDADD += $(GETLOADAVG_LIBS)
su_SOURCES = su.c getdef.c
su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
+su_CFLAGS = -fpie
+su_LDFLAGS = -pie
+timeout_CFLAGS = -fpie
+timeout_LDFLAGS = -pie
+
# for various ACL functions
copy_LDADD += $(LIB_ACL)
ls_LDADD += $(LIB_ACL)
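Review bot: "su_CFLAGS = -fpie" and "timeout_CFLAGS = -fpie" are per-target flag variables, and in automake a per-target CFLAGS replaces AM_CFLAGS for that target rather than adding to it, so any warning flags set through AM_CFLAGS in src/ stop applying to su and timeout. Write these as "su_CFLAGS = $(AM_CFLAGS) -fpie" (and the same for timeout). The subject also names only su although timeout is changed too; mention it. Since su is installed setuid (4755 in the spec), consider adding "-Wl,-z,relro,-z,now" to su_LDFLAGS alongside "-pie".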
--
1.7.1
++++++ coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff ++++++
From d776b1b67eb1bc1b815426fdf22f38b25ef1e2df Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Mon, 9 Aug 2010 16:03:12 +0200
Subject: [PATCH 5/7] honor settings in /etc/default/su resp /etc/login.defs
---
src/Makefile.am | 1 +
src/getdef.c | 259 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/getdef.h | 29 ++++++
src/su.c | 13 +++-
4 files changed, 300 insertions(+), 2 deletions(-)
create mode 100644 src/getdef.c
create mode 100644 src/getdef.h
diff --git a/src/Makefile.am b/src/Makefile.am
index bc27274..484f6c2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -352,6 +352,7 @@ factor_LDADD += $(LIB_GMP)
uptime_LDADD += $(GETLOADAVG_LIBS)
# for crypt and pam
+su_SOURCES = su.c getdef.c
su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
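Review bot: "su_SOURCES = su.c getdef.c" leaves out the new header. Add getdef.h to su_SOURCES (or to noinst_HEADERS) so that automake tracks it and includes it in the distribution tarball.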
diff --git a/src/getdef.c b/src/getdef.c
new file mode 100644
index 0000000..e1872cf
--- /dev/null
+++ b/src/getdef.c
@@ -0,0 +1,259 @@
+/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#define _GNU_SOURCE
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "getdef.h"
+
+struct item {
+ char *name; /* Name of the option. */
+ char *value; /* Value of the option. */
+ struct item *next; /* Pointer to next option. */
+};
+
+static struct item *list = NULL;
+
+void
+free_getdef_data (void)
+{
+ struct item *ptr;
+
+ ptr = list;
+ while (ptr != NULL)
+ {
+ struct item *tmp;
+ tmp = ptr->next;
+ free (ptr->name);
+ free (ptr->value);
+ free (ptr);
+ ptr = tmp;
+ }
+
+ list = NULL;
+}
+
+/* Add a new entry to the list. */
+static void
+store (const char *name, const char *value)
+{
+ struct item *new = malloc (sizeof (struct item));
+
+ if (new == NULL)
+ abort ();
+
+ if (name == NULL)
+ abort ();
+
+ new->name = strdup (name);
+ new->value = strdup (value ?: "");
+ new->next = list;
+ list = new;
+}
+
+/* Search a special entry in the list and return the value. */
+static const char *
+search (const char *name)
+{
+ struct item *ptr;
+
+ ptr = list;
+ while (ptr != NULL)
+ {
+ if (strcasecmp (name, ptr->name) == 0)
+ return ptr->value;
+ ptr = ptr->next;
+ }
+
+ return NULL;
+}
+
+/* Load the login.defs file (/etc/login.defs). */
+static void
+load_defaults_internal (const char *filename)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+
+ fp = fopen (filename, "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ char *tmp, *cp;
+#if defined(HAVE_GETLINE)
+ ssize_t n = getline (&buf, &buflen, fp);
+#elif defined (HAVE_GETDELIM)
+ ssize_t n = getdelim (&buf, &buflen, '\n', fp);
+#else
+ ssize_t n;
+
+ if (buf == NULL)
+ {
+ buflen = 8096;
+ buf = malloc (buflen);
+ }
+ buf[0] = '\0';
+ fgets (buf, buflen - 1, fp);
+ if (buf != NULL)
+ n = strlen (buf);
+ else
+ n = 0;
+#endif /* HAVE_GETLINE / HAVE_GETDELIM */
+ cp = buf;
+
+ if (n < 1)
+ break;
+
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((unsigned char) *cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ tmp = strsep (&cp, " \t=");
+ if (cp != NULL)
+ while (isspace ((unsigned char) *cp) || *cp == '=')
+ ++cp;
+
+ store (tmp, cp);
+ }
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+}
+
+static void
+load_defaults (void)
+{
+ load_defaults_internal ("/etc/default/su");
+ load_defaults_internal ("/etc/login.defs");
+}
+
+int
+getdef_bool (const char *name, int dflt)
+{
+ const char *val;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ return (strcasecmp (val, "yes") == 0);
+}
+
+long
+getdef_num (const char *name, long dflt)
+{
+ const char *val;
+ char *cp;
+ long retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtol (val, &cp, 0);
+ if (*cp != '\0'
+ || ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
+ name, val);
+ retval = dflt;
+ }
+ return retval;
+}
+
+unsigned long
+getdef_unum (const char *name, unsigned long dflt)
+{
+ const char *val;
+ char *cp;
+ unsigned long retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtoul (val, &cp, 0);
+ if (*cp != '\0' || (retval == ULONG_MAX && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
+ name, val);
+ retval = dflt;
+ }
+ return retval;
+}
+
+const char *
+getdef_str (const char *name, const char *dflt)
+{
+ const char *retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ retval = search (name);
+
+ return retval ?: dflt;
+}
+
+#if defined(TEST)
+
+int
+main ()
+{
+ printf ("CYPT=%s\n", getdef_str ("cRypt", "no"));
+ printf ("LOG_UNKFAIL_ENAB=%s\n", getdef_str ("log_unkfail_enab",""));
+ printf ("DOESNOTEXIST=%s\n", getdef_str ("DOESNOTEXIST","yes"));
+ return 0;
+}
+
+#endif
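Review bot: in load_defaults() the lookup order is the reverse of the load order. store() pushes each entry onto the head of the list and search() returns the first match from the head, so entries from /etc/login.defs, loaded second, shadow the same key in /etc/default/su. If /etc/default/su is meant to take precedence, load it last or append at the tail. In load_defaults_internal() the value keeps trailing whitespace: a line such as "ALWAYS_SET_PATH yes # comment" stores "yes " (with the trailing blank), which getdef_bool() reads as false and getdef_num() rejects as invalid; trim the end of the line after cutting the comment. Also, store() does not check the strdup() results, and the fallback branch without getline/getdelim tests "buf != NULL" where it should test the return value of malloc() and fgets().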
diff --git a/src/getdef.h b/src/getdef.h
new file mode 100644
index 0000000..2e86cf9
--- /dev/null
+++ b/src/getdef.h
@@ -0,0 +1,29 @@
+/* Copyright (C) 2003, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#ifndef _GETDEF_H_
+
+#define _GETDEF_H_ 1
+
+extern int getdef_bool (const char *name, int dflt);
+extern long getdef_num (const char *name, long dflt);
+extern unsigned long getdef_unum (const char *name, unsigned long dflt);
+extern const char *getdef_str (const char *name, const char *dflt);
+
+/* Free all data allocated by getdef_* calls before. */
+extern void free_getdef_data (void);
+
+#endif /* _GETDEF_H_ */
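Review bot: the getdef_* prototypes carry no documentation, and the one comment on free_getdef_data() does not say that it invalidates earlier results. getdef_str() returns a pointer into the internal list, so document that the string is owned by getdef and must not be used after free_getdef_data(), and that dflt is returned as-is when the key is missing. The guard name "_GETDEF_H_" uses an identifier form reserved for the implementation; "GETDEF_H" avoids that.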
diff --git a/src/su.c b/src/su.c
index 0071622..eaef195 100644
--- a/src/su.c
+++ b/src/su.c
@@ -111,6 +111,8 @@
# include
#endif
+#include "getdef.h"
+
/* The default PATH for simulated logins to non-superuser accounts. */
#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin"
@@ -475,8 +477,8 @@ modify_environment (const struct passwd *pw, const char *shell)
xsetenv ("USER", pw->pw_name);
xsetenv ("LOGNAME", pw->pw_name);
xsetenv ("PATH", (pw->pw_uid
- ? DEFAULT_LOGIN_PATH
- : DEFAULT_ROOT_LOGIN_PATH));
+ ? getdef_str ("PATH", DEFAULT_LOGIN_PATH)
+ : getdef_str ("SUPATH", DEFAULT_ROOT_LOGIN_PATH)));
}
else
{
@@ -486,6 +488,12 @@ modify_environment (const struct passwd *pw, const char *shell)
{
xsetenv ("HOME", pw->pw_dir);
xsetenv ("SHELL", shell);
+ if (getdef_bool ("ALWAYS_SET_PATH", 0))
+ xsetenv ("PATH", (pw->pw_uid
+ ? getdef_str ("PATH",
+ DEFAULT_LOGIN_PATH)
+ : getdef_str ("SUPATH",
+ DEFAULT_ROOT_LOGIN_PATH)));
if (pw->pw_uid)
{
xsetenv ("USER", pw->pw_name);
@@ -720,6 +728,7 @@ main (int argc, char **argv)
#ifdef SYSLOG_FAILURE
log_su (pw, false);
#endif
+ sleep (getdef_num ("FAIL_DELAY", 1));
error (EXIT_CANCELED, 0, _("incorrect password"));
}
#ifdef SYSLOG_SUCCESS
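Review bot: "sleep (getdef_num ("FAIL_DELAY", 1));" passes a signed long from the configuration file to a function that takes unsigned int, so a negative FAIL_DELAY is converted to a very large delay and su blocks after a failed password instead of exiting. Read the value with getdef_unum() and clamp it to a sane upper bound before calling sleep().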
--
1.7.1
++++++ coreutils-8.6-i18n.patch ++++++
++++ 4160 lines (skipped)
++++++ coreutils-8.6-log-all-su-attempts.diff ++++++
From f2ea0c33d8c25ee40e7fe7a16d0994c8069bc120 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 17 Aug 2010 13:22:01 +0200
Subject: [PATCH 3/7] log all su attempts
---
src/su.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/su.c b/src/su.c
index 1d3d007..2a9e423 100644
--- a/src/su.c
+++ b/src/su.c
@@ -75,6 +75,9 @@
#if HAVE_SYSLOG_H && HAVE_SYSLOG
# include
+# define SYSLOG_SUCCESS 1
+# define SYSLOG_FAILURE 1
+# define SYSLOG_NON_ROOT 1
#else
# undef SYSLOG_SUCCESS
# undef SYSLOG_FAILURE
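Review bot: with SYSLOG_SUCCESS, SYSLOG_FAILURE and SYSLOG_NON_ROOT now defined unconditionally whenever syslog is available, the "Compile-time options" block in the header comment of su.c, which still describes them as -D switches, is out of date. Update that comment in the same patch so the documented behaviour (all su attempts are logged) matches the code.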
--
1.7.1
++++++ coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff ++++++
From b43728c1f0c7abe90e73369542564d3ad4704963 Mon Sep 17 00:00:00 2001
From: Werner Fink
Date: Tue, 17 Aug 2010 09:09:55 +0200
Subject: [PATCH 6/7] make sure /sbin resp /usr/sbin are in PATH
---
src/su.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 127 insertions(+), 0 deletions(-)
diff --git a/src/su.c b/src/su.c
index eaef195..d78f968 100644
--- a/src/su.c
+++ b/src/su.c
@@ -455,6 +455,117 @@ correct_password (const struct passwd *pw)
#endif /* !USE_PAM */
}
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
/* Update `environ' for the new shell based on PW, with SHELL being
the value for the SHELL environment variable. */
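Review bot: the current-directory filtering in addsbin() is incomplete. The second loop skips "." entries, but empty entries, which the shell also treats as the current directory, pass through ("/bin::/usr/bin" keeps its "::"). When every entry is skipped, ret is still empty and the trailing strcat (ret, ":/usr/sbin") yields a PATH that starts with ":". When both /sbin and /usr/sbin are already present, the early "return NULL" leaves the caller's PATH untouched, "." included. Treat empty entries like ".", append the separator only when ret is non-empty, and decide whether the "." removal should also run on the early-return path. clearsbin() uses plain strdup() and silently returns NULL on failure while addsbin() uses xstrdup(); use the same allocator in both.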
@@ -494,6 +605,22 @@ modify_environment (const struct passwd *pw, const char *shell)
DEFAULT_LOGIN_PATH)
: getdef_str ("SUPATH",
DEFAULT_ROOT_LOGIN_PATH)));
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new);
+ free (new);
+ }
+ }
if (pw->pw_uid)
{
xsetenv ("USER", pw->pw_name);
--
1.7.1
++++++ coreutils-8.6-pam-support-for-su.diff ++++++
From 8b1e75c55ea6be5c8639c98b73ecfa0cf15226ce Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 17 Aug 2010 13:21:44 +0200
Subject: [PATCH 1/7] pam support for su
---
configure.ac | 14 +++
src/Makefile.am | 4 +-
src/su.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 278 insertions(+), 6 deletions(-)
Index: configure.ac
===================================================================
--- configure.ac.orig 2011-01-03 13:27:37.268088087 +0100
+++ configure.ac 2011-01-03 13:28:05.256895209 +0100
@@ -134,6 +134,20 @@ fi
AC_FUNC_FORK
+AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
+ [Enable PAM support in su (default=auto)]), , [enable_pam=yes])
+if test "x$enable_pam" != xno; then
+ AC_CHECK_LIB([pam], [pam_start], [enable_pam=yes], [enable_pam=no])
+ AC_CHECK_LIB([pam_misc], [misc_conv], [:], [enable_pam=no])
+ if test "x$enable_pam" != xno; then
+ AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
+ PAM_LIBS="-lpam -lpam_misc"
+ AC_SUBST(PAM_LIBS)
+ fi
+fi
+AC_MSG_CHECKING([whether to enable PAM support in su])
+AC_MSG_RESULT([$enable_pam])
+
optional_bin_progs=
AC_CHECK_FUNCS([chroot],
gl_ADD_PROG([optional_bin_progs], [chroot]))
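Review bot: the AC_ARG_ENABLE help string pairs "--disable-pam" with "Enable PAM support in su (default=auto)", which reads as a contradiction, and the default set in the last argument is "yes", not "auto". Word it as "--disable-pam" / "do not build su with PAM support". As written, an explicit --enable-pam is also downgraded to "no" without an error when libpam or libpam_misc is missing; for a package whose spec requires pam and ships /etc/pam.d/su, fail configure with AC_MSG_ERROR in that case so a build cannot silently produce a su without PAM. The AC_MSG_CHECKING/AC_MSG_RESULT pair belongs before the AC_CHECK_LIB calls, otherwise their output is interleaved.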
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig 2011-01-03 13:27:37.268088087 +0100
+++ src/Makefile.am 2011-01-03 13:28:16.038206110 +0100
@@ -351,8 +351,8 @@ factor_LDADD += $(LIB_GMP)
# for getloadavg
uptime_LDADD += $(GETLOADAVG_LIBS)
-# for crypt
-su_LDADD += $(LIB_CRYPT)
+# for crypt and pam
+su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
copy_LDADD += $(LIB_ACL)
Index: src/su.c
===================================================================
--- src/su.c.orig 2011-01-03 13:27:37.268088087 +0100
+++ src/su.c 2011-01-03 13:28:16.177210120 +0100
@@ -37,6 +37,16 @@
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
+#ifdef USE_PAM
+
+ Actually, with PAM, su has nothing to do with whether or not a
+ wheel group is enforced by su. RMS tries to restrict your access
+ to a su which implements the wheel group, but PAM considers that
+ to be fascist, and gives the user/sysadmin the opportunity to
+ enforce a wheel group by proper editing of /etc/pam.d/su
+
+#endif
+
Compile-time options:
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
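Review bot: the added "#ifdef USE_PAM" and "#endif" lines appear to sit inside the file's header comment, as the surrounding context lines ("RMS considers that to be fascist." above, "Compile-time options:" below) are comment text. Inside a comment they are not preprocessor directives and the paragraph is present in every build. Drop the two directive lines and introduce the paragraph with a plain sentence such as "When built with PAM:".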
@@ -52,6 +62,13 @@
#include
#include
#include
+#ifdef USE_PAM
+#include
+#include
+#include
+#include
+#include
+#endif
#include "system.h"
#include "getpass.h"
@@ -111,7 +128,9 @@
/* The user to become if none is specified. */
#define DEFAULT_USER "root"
+#ifndef USE_PAM
char *crypt (char const *key, char const *salt);
+#endif
static void run_shell (char const *, char const *, char **, size_t)
ATTRIBUTE_NORETURN;
@@ -125,6 +144,11 @@ static bool simulate_login;
/* If true, change some environment vars to indicate the user su'd to. */
static bool change_environment;
+#ifdef USE_PAM
+static bool _pam_session_opened;
+static bool _pam_cred_established;
+#endif
+
static struct option const longopts[] =
{
{"command", required_argument, NULL, 'c'},
@@ -200,7 +224,164 @@ log_su (struct passwd const *pw, bool su
}
#endif
+#ifdef USE_PAM
+#define PAM_SERVICE_NAME PROGRAM_NAME
+#define PAM_SERVICE_NAME_L PROGRAM_NAME "-l"
+static sig_atomic_t volatile caught_signal = false;
+static pam_handle_t *pamh = NULL;
+static int retval;
+static struct pam_conv conv =
+{
+ misc_conv,
+ NULL
+};
+
+#define PAM_BAIL_P(a) \
+ if (retval) \
+ { \
+ pam_end (pamh, retval); \
+ a; \
+ }
+
+static void
+cleanup_pam (int retcode)
+{
+ if (_pam_session_opened)
+ pam_close_session (pamh, 0);
+
+ if (_pam_cred_established)
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
+
+ pam_end(pamh, retcode);
+}
+
+/* Signal handler for parent process. */
+static void
+su_catch_sig (int sig)
+{
+ caught_signal = true;
+}
+
+/* Export env variables declared by PAM modules. */
+static void
+export_pamenv (void)
+{
+ char **env;
+
+ /* This is a copy but don't care to free as we exec later anyways. */
+ env = pam_getenvlist (pamh);
+ while (env && *env)
+ {
+ if (putenv (*env) != 0)
+ xalloc_die ();
+ env++;
+ }
+}
+
+static void
+create_watching_parent (void)
+{
+ pid_t child;
+ sigset_t ourset;
+ int status = 0;
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ cleanup_pam (retval);
+ error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
+ pam_strerror (pamh, retval));
+ }
+ else
+ _pam_session_opened = 1;
+
+ child = fork ();
+ if (child == (pid_t) -1)
+ {
+ cleanup_pam (PAM_ABORT);
+ error (EXIT_FAILURE, errno, _("cannot create child process"));
+ }
+
+ /* the child proceeds to run the shell */
+ if (child == 0)
+ return;
+
+ /* In the parent watch the child. */
+
+ /* su without pam support does not have a helper that keeps
+ sitting on any directory so let's go to /. */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
+ sigfillset (&ourset);
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot block signals"));
+ caught_signal = true;
+ }
+ if (!caught_signal)
+ {
+ struct sigaction action;
+ action.sa_handler = su_catch_sig;
+ sigemptyset (&action.sa_mask);
+ action.sa_flags = 0;
+ sigemptyset (&ourset);
+ if (sigaddset (&ourset, SIGTERM)
+ || sigaddset (&ourset, SIGALRM)
+ || sigaction (SIGTERM, &action, NULL)
+ || sigprocmask (SIG_UNBLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal)
+ {
+ pid_t pid;
+ for (;;)
+ {
+ pid = waitpid (child, &status, WUNTRACED);
+
+ if (pid != (pid_t)-1 && WIFSTOPPED (status))
+ {
+ kill (getpid (), SIGSTOP);
+ /* once we get here, we must have resumed */
+ kill (pid, SIGCONT);
+ }
+ else
+ break;
+ }
+ if (pid != (pid_t)-1)
+ if (WIFSIGNALED (status))
+ status = WTERMSIG (status) + 128;
+ else
+ status = WEXITSTATUS (status);
+ else
+ status = 1;
+ }
+ else
+ status = 1;
+
+ if (caught_signal)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+ }
+
+ cleanup_pam (PAM_SUCCESS);
+
+ if (caught_signal)
+ {
+ sleep (2);
+ kill (child, SIGKILL);
+ fprintf (stderr, _(" ...killed.\n"));
+ }
+ exit (status);
+}
+#endif
+
/* Ask the user for a password.
+ If PAM is in use, let PAM ask for the password if necessary.
Return true if the user gives the correct password for entry PW,
false if not. Return true without asking for a password if run by UID 0
or if PW has an empty password. */
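Review bot: in create_watching_parent, SIGALRM is added to the set that gets unblocked ("sigaddset (&ourset, SIGALRM)") but only SIGTERM is given su_catch_sig through sigaction, so a SIGALRM delivered to the parent takes its default action and ends the process before cleanup_pam runs, leaving the session open and the credentials established. Install the handler for SIGALRM as well, or leave it blocked. Separately, the message "cannot not open session" has a doubled "not".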
@@ -208,10 +389,52 @@ log_su (struct passwd const *pw, bool su
static bool
correct_password (const struct passwd *pw)
{
+#ifdef USE_PAM
+ const struct passwd *lpw;
+ const char *cp;
+
+ retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
+ pw->pw_name, &conv, &pamh);
+ PAM_BAIL_P (return false);
+
+ if (isatty (0) && (cp = ttyname (0)) != NULL)
+ {
+ const char *tty;
+
+ if (strncmp (cp, "/dev/", 5) == 0)
+ tty = cp + 5;
+ else
+ tty = cp;
+ retval = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_BAIL_P (return false);
+ }
+#if 0 /* Manpage discourages use of getlogin. */
+ cp = getlogin ();
+ if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ()))
+#endif
+ lpw = getpwuid (getuid ());
+ if (lpw && lpw->pw_name)
+ {
+ retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
+ PAM_BAIL_P (return false);
+ }
+ retval = pam_authenticate (pamh, 0);
+ PAM_BAIL_P (return false);
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_NEW_AUTHTOK_REQD)
+ {
+ /* Password has expired. Offer option to change it. */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ PAM_BAIL_P (return false);
+ }
+ PAM_BAIL_P (return false);
+ /* Must be authenticated if this point was reached. */
+ return true;
+#else /* !USE_PAM */
char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */
- struct spwd *sp = getspnam (pw->pw_name);
+ const struct spwd *sp = getspnam (pw->pw_name);
endspent ();
if (sp)
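Review bot: the comment directly above correct_password still promises "Return true without asking for a password if run by UID 0 or if PW has an empty password", but the USE_PAM branch calls pam_authenticate unconditionally, so both cases are now decided by whatever the PAM stack for the "su" / "su-l" service is configured to do. Reword the comment so it says that these two shortcuts only apply to the !USE_PAM branch.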
@@ -232,6 +455,7 @@ correct_password (const struct passwd *p
encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted));
return STREQ (encrypted, correct);
+#endif /* !USE_PAM */
}
/* Update `environ' for the new shell based on PW, with SHELL being
@@ -274,19 +498,41 @@ modify_environment (const struct passwd
}
}
}
+
+#ifdef USE_PAM
+ export_pamenv ();
+#endif
}
/* Become the user and group(s) specified by PW. */
static void
-change_identity (const struct passwd *pw)
+init_groups (const struct passwd *pw)
{
#ifdef HAVE_INITGROUPS
errno = 0;
if (initgroups (pw->pw_name, pw->pw_gid) == -1)
- error (EXIT_CANCELED, errno, _("cannot set groups"));
+ {
+#ifdef USE_PAM
+ cleanup_pam (PAM_ABORT);
+#endif
+ error (EXIT_FAILURE, errno, _("cannot set groups"));
+ }
endgrent ();
#endif
+
+#ifdef USE_PAM
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ error (EXIT_FAILURE, 0, "%s", pam_strerror (pamh, retval));
+ else
+ _pam_cred_established = 1;
+#endif
+}
+
+static void
+change_identity (const struct passwd *pw)
+{
if (setgid (pw->pw_gid))
error (EXIT_CANCELED, errno, _("cannot set group id"));
if (setuid (pw->pw_uid))
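Review bot: the pam_setcred failure path in init_groups calls error (EXIT_FAILURE, ...) without cleanup_pam, unlike the initgroups failure just above it, so pamh never reaches pam_end on that path. Call cleanup_pam (retval) before exiting. The initgroups error also moves from EXIT_CANCELED to EXIT_FAILURE while setgid and setuid in change_identity keep EXIT_CANCELED; pick one. The comment "Become the user and group(s) specified by PW" now heads init_groups and change_identity has none, so move it down and give init_groups its own.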
@@ -500,9 +746,21 @@ main (int argc, char **argv)
shell = NULL;
}
shell = xstrdup (shell ? shell : pw->pw_shell);
- modify_environment (pw, shell);
+
+ init_groups (pw);
+
+#ifdef USE_PAM
+ create_watching_parent ();
+ /* Now we're in the child. */
+#endif
change_identity (pw);
+
+ /* Set environment after pam_open_session, which may put KRB5CCNAME
+ into the pam_env, etc. */
+
+ modify_environment (pw, shell);
+
if (simulate_login && chdir (pw->pw_dir) != 0)
error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
++++++ coreutils-8.6-set-sane-default-path.diff ++++++
From 3c13edc2b9aeab8f24e60a62ab5e8a8db554486f Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Mon, 9 Aug 2010 16:02:30 +0200
Subject: [PATCH 4/7] set sane default path
---
src/su.c | 12 ++----------
1 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/su.c b/src/su.c
index 2a9e423..0071622 100644
--- a/src/su.c
+++ b/src/su.c
@@ -112,18 +112,10 @@
#endif
/* The default PATH for simulated logins to non-superuser accounts. */
-#ifdef _PATH_DEFPATH
-# define DEFAULT_LOGIN_PATH _PATH_DEFPATH
-#else
-# define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin"
-#endif
+#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin"
/* The default PATH for simulated logins to superuser accounts. */
-#ifdef _PATH_DEFPATH_ROOT
-# define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT
-#else
-# define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
-#endif
+#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin"
/* The shell to run if none is given in the user's passwd entry. */
#define DEFAULT_SHELL "/bin/sh"
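Review bot: both defaults are now hard-coded and the _PATH_DEFPATH / _PATH_DEFPATH_ROOT overrides are removed outright, with no rationale in the commit message. Removing the old non-root fallback is an improvement, since its leading ":" put the current directory first in the search path, but say so in the message and add a comment above the two defines stating that the platform values are ignored on purpose.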
--
1.7.1
++++++ coreutils-8.6-update-man-page-for-pam.diff ++++++
From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 17 Aug 2010 08:59:35 +0200
Subject: [PATCH 2/7] update man page for pam
---
doc/coreutils.texi | 34 +++++-----------------------------
1 files changed, 5 insertions(+), 29 deletions(-)
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2011-01-05 14:27:40.715232991 +0100
+++ doc/coreutils.texi 2011-01-05 14:27:41.929267939 +0100
@@ -15290,8 +15290,11 @@ to certain shells, etc.).
@findex syslog
@command{su} can optionally be compiled to use @code{syslog} to report
failed, and optionally successful, @command{su} attempts. (If the system
-supports @code{syslog}.) However, GNU @command{su} does not check if the
-user is a member of the @code{wheel} group; see below.
+supports @code{syslog}.)
+
+This version of @command{su} has support for using PAM for
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
+to customize its behaviour.
The program accepts the following options. Also see @ref{Common options}.
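Review bot: the added sentence uses "resp", which is not English usage; write it out, for example "@file{/etc/pam.d/su} or, for login shells, @file{/etc/pam.d/su-l}", which matches the service-name selection on simulate_login in su.c. The hunk also deletes the remark about the wheel group without saying that group restrictions are now a matter of PAM configuration, which is what the su.c comment in this series states.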
@@ -15372,33 +15375,6 @@ Exit status:
the exit status of the subshell otherwise
@end display
-@cindex wheel group, not supported
-@cindex group wheel, not supported
-@cindex fascism
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
-
-(This section is by Richard Stallman.)
-
-@cindex Twenex
-@cindex MIT AI lab
-Sometimes a few of the users try to hold total power over all the
-rest. For example, in 1984, a few users at the MIT AI lab decided to
-seize power by changing the operator password on the Twenex system and
-keeping it secret from everyone else. (I was able to thwart this coup
-and give power back to the users by patching the kernel, but I
-wouldn't know how to do that in Unix.)
-
-However, occasionally the rulers do tell someone. Under the usual
-@command{su} mechanism, once someone learns the root password who
-sympathizes with the ordinary users, he or she can tell the rest. The
-``wheel group'' feature would make this impossible, and thus cement the
-power of the rulers.
-
-I'm on the side of the masses, not that of the rulers. If you are
-used to supporting the bosses and sysadmins in whatever they do, you
-might find this idea strange at first.
-
-
@node timeout invocation
@section @command{timeout}: Run a command with a time limit
++++++ coreutils-8.9-singlethreaded-sort.patch ++++++
Index: src/sort.c
===================================================================
--- src/sort.c.orig
+++ src/sort.c
@@ -5288,7 +5288,11 @@ main (int argc, char **argv)
{
if (!nthreads)
{
- unsigned long int np = num_processors (NPROC_CURRENT_OVERRIDABLE);
+ unsigned long int np;
+ if (getenv("OMP_NUM_THREADS"))
+ np = num_processors (NPROC_CURRENT_OVERRIDABLE);
+ else
+ np = 1;
nthreads = MIN (np, DEFAULT_MAX_THREADS);
}
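Review bot: this hunk tests only whether OMP_NUM_THREADS is set, and when it is unset forces np = 1, so sort becomes single-threaded by default unless a thread count was already given (the code is under "if (!nthreads)"). Neither a code comment nor any documentation change explains that; add both. The call should also be written "getenv (" with the space used by the surrounding code.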
++++++ coreutils-acl-nofollow.patch ++++++
commit 95f7c57ff4090a5dee062044d2c7b99879077808
Author: Kamil Dudka
Date: Fri Jul 22 14:48:42 2011 +0200
file-has-acl: use acl_extended_file_nofollow if available
* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
(acl_extended_file): New macro.
* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
This addresses http://bugzilla.redhat.com/692823.
Index: lib/acl-internal.h
===================================================================
--- lib/acl-internal.h.orig 2011-10-05 17:31:39.000000000 +0200
+++ lib/acl-internal.h 2011-10-13 16:02:40.895813897 +0200
@@ -133,6 +133,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
# endif
/* Linux-specific */
+# ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+# define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
+# define acl_extended_file_nofollow(name) (-1)
+# endif
+
+/* Linux-specific */
# ifndef HAVE_ACL_FROM_MODE
# define HAVE_ACL_FROM_MODE false
# define acl_from_mode(mode) (NULL)
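Review bot: the commit message and the ChangeLog entry describe this file as "(HAVE_ACL_EXTENDED_FILE): New macro. (acl_extended_file): New macro.", but the hunk defines HAVE_ACL_EXTENDED_FILE_NOFOLLOW and acl_extended_file_nofollow. Correct the names in the log so it matches the change.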
Index: lib/file-has-acl.c
===================================================================
--- lib/file-has-acl.c.orig 2011-10-05 17:31:39.000000000 +0200
+++ lib/file-has-acl.c 2011-10-13 16:02:40.895813897 +0200
@@ -454,12 +454,20 @@ file_has_acl (char const *name, struct s
/* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
int ret;
- if (HAVE_ACL_EXTENDED_FILE) /* Linux */
+ if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
{
+# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+ /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
+ unnecessary mounts, but it returns the same result as we already
+ know that NAME is not a symbolic link at this point (modulo the
+ TOCTTOU race condition). */
+ ret = acl_extended_file_nofollow (name);
+# else
/* On Linux, acl_extended_file is an optimized function: It only
makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
ACL_TYPE_DEFAULT. */
ret = acl_extended_file (name);
+# endif
}
else /* FreeBSD, MacOS X, IRIX, Tru64 */
{
Index: m4/acl.m4
===================================================================
--- m4/acl.m4.orig 2011-10-05 17:31:39.000000000 +0200
+++ m4/acl.m4 2011-10-13 16:02:40.895813897 +0200
@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
AC_CHECK_FUNCS(
[acl_get_file acl_get_fd acl_set_file acl_set_fd \
acl_free acl_from_mode acl_from_text \
- acl_delete_def_file acl_extended_file \
+ acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
acl_delete_fd_np acl_delete_file_np \
acl_copy_ext_native acl_create_entry_np \
acl_to_short_text acl_free_text])
Index: ChangeLog
===================================================================
--- ChangeLog.orig 2011-10-12 11:56:55.000000000 +0200
+++ ChangeLog 2011-10-13 16:04:55.772001787 +0200
@@ -751,6 +751,14 @@
MacOS X 10.7 has an fdatasync that is not declared, and is rumored to
be ineffective. (Bug#9141)
+2011-07-22 Kamil Dudka
+
+ file-has-acl: use acl_extended_file_nofollow if available
+ * lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
+ (acl_extended_file): New macro.
+ * lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
+ * m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
+
2011-07-20 Mike Frysinger
dircolors: add screen.Eterm terminal type
++++++ coreutils-bnc#697897-setsid.patch ++++++
Index: src/su.c
===================================================================
--- src/su.c.orig 2012-03-27 03:56:34.823879996 +0200
+++ src/su.c 2012-03-27 03:56:53.452427731 +0200
@@ -141,6 +141,9 @@ static bool simulate_login;
/* If true, change some environment vars to indicate the user su'd to. */
static bool change_environment;
+/* If true, then don't call setsid() with a command. */
+int same_session = 0;
+
#ifdef USE_PAM
static bool _pam_session_opened;
static bool _pam_cred_established;
@@ -149,6 +152,7 @@ static bool _pam_cred_established;
static struct option const longopts[] =
{
{"command", required_argument, NULL, 'c'},
+ {"session-command", required_argument, NULL, 'C'},
{"fast", no_argument, NULL, 'f'},
{"login", no_argument, NULL, 'l'},
{"preserve-environment", no_argument, NULL, 'p'},
@@ -323,14 +327,29 @@ create_watching_parent (void)
sigemptyset (&action.sa_mask);
action.sa_flags = 0;
sigemptyset (&ourset);
- if (sigaddset (&ourset, SIGTERM)
- || sigaddset (&ourset, SIGALRM)
- || sigaction (SIGTERM, &action, NULL)
- || sigprocmask (SIG_UNBLOCK, &ourset, NULL))
- {
+
+ if (!same_session)
+ {
+ if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal && (sigaddset(&ourset, SIGTERM)
+ || sigaddset(&ourset, SIGALRM)
+ || sigaction(SIGTERM, &action, NULL)
+ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)))
+ {
error (0, errno, _("cannot set signal handler"));
caught_signal = true;
}
+ if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL)
+ || sigaction(SIGQUIT, &action, NULL)))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
}
if (!caught_signal)
{
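Review bot: SIGINT and SIGQUIT are added to ourset and unblocked by "sigprocmask(SIG_UNBLOCK, &ourset, NULL)" before the following block installs su_catch_sig for them, so between those two calls either signal reaches the parent with the disposition it inherited, normally the default, and ends it without cleanup_pam. Install all handlers first and unblock last. SIGALRM is still unblocked here without any handler. The new calls also drop the space before the parenthesis that the rest of the function uses.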
@@ -747,7 +766,10 @@ usage (int status)
Change the effective user id and group id to that of USER.\n\
\n\
-, -l, --login make the shell a login shell\n\
- -c, --command=COMMAND pass a single COMMAND to the shell with -c\n\
+ -c, --commmand=COMMAND pass a single COMMAND to the shell with -c\n\
+ and start a new session for it\n\
+ -C, --session-command=COMMAND pass a single COMMAND to the shell with -c\n\
+ and do not create a new session\n\
-f, --fast pass -f to the shell (for csh or tcsh)\n\
-m, --preserve-environment do not reset environment variables\n\
-p same as -m\n\
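Review bot: the replaced help line now reads "--commmand=COMMAND" with three m's, while longopts still defines "command". Restore "--command" so the usage text matches the option that is actually accepted.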
@@ -770,6 +792,7 @@ main (int argc, char **argv)
int optc;
const char *new_user = DEFAULT_USER;
char *command = NULL;
+ int request_same_session = 0;
char *shell = NULL;
struct passwd *pw;
struct passwd pw_copy;
@@ -787,12 +810,19 @@ main (int argc, char **argv)
simulate_login = false;
change_environment = true;
- while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
+ while ((optc = getopt_long (argc, argv, "c:C:flmps:", longopts, NULL)) != -1)
{
switch (optc)
{
case 'c':
command = optarg;
+ if (NULL != getenv("SU_C_SAME_SESSION"))
+ request_same_session = 1;
+ break;
+
+ case 'C':
+ command = optarg;
+ request_same_session = 1;
break;
case 'f':
@@ -865,6 +895,9 @@ main (int argc, char **argv)
}
#endif
+ if (request_same_session || !command || !pw->pw_uid)
+ same_session = 1;
+
if (!shell && !change_environment)
shell = getenv ("SHELL");
if (shell && getuid () != 0 && restricted_shell (pw->pw_shell))
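Review bot: "!pw->pw_uid" makes every su to a UID 0 account keep the caller's session, including -c without SU_C_SAME_SESSION, yet the texinfo change in this patch says the shell is started in its own session unless that variable is set. Document the exception in the manual, or add a comment here explaining why UID 0 targets are exempt.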
@@ -886,6 +919,8 @@ main (int argc, char **argv)
#endif
change_identity (pw);
+ if (!same_session)
+ setsid ();
/* Set environment after pam_open_session, which may put KRB5CCNAME
into the pam_env, etc. */
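Review bot: the return value of "setsid ()" is ignored, so a failure silently runs the command in the caller's session, contrary to the documented behaviour of -c. Builds without USE_PAM have no fork before this point (create_watching_parent is inside #ifdef USE_PAM), and setsid fails when the caller is a process group leader, so check the result and report it with error ().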
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2012-03-27 03:56:34.792880749 +0200
+++ doc/coreutils.texi 2012-03-27 03:56:34.864879002 +0200
@@ -15501,6 +15501,10 @@ This version of @command{su} has support
authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
to customize its behaviour.
+ If the environment variable SU_C_SAME_SESSION is set, su will
+not open a new session for running a command so that @option{-c} behaves
+just like @option{-C}.
+
The program accepts the following options. Also see @ref{Common options}.
@table @samp
@@ -15509,7 +15513,16 @@ The program accepts the following option
@opindex -c
@opindex --command
Pass @var{command}, a single command line to run, to the shell with
-a @option{-c} option instead of starting an interactive shell.
+a @option{-c} option instead of starting an interactive shell. Unless
+SU_C_SAME_SESSION is set, the shell is started in its own session.
+
+@item -C @var{command}
+@itemx --same-session=@var{command}
+@opindex -C
+@opindex --same-session
+Pass COMMAND, a single command line to run, to the shell with a
+@option{-c} option instead of starting an interactive and do not create
+a new session for it.
@item -f
@itemx --fast
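Review bot: the manual documents the long option as "--same-session" (both @itemx and @opindex), but longopts and the usage text in this patch name it "--session-command", so a user following the manual gets an unrecognized option. Use one name throughout. The description also reads "instead of starting an interactive and do not create", where "shell" is missing, and uses bare COMMAND where the -c entry uses @var{command}.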
++++++ coreutils-cp-corrupt-fragmented-sparse.patch ++++++
commit 64aef5fb9afecc023a6e719da161dbbf450908b8
Author: Jim Meyering
Date: Tue Oct 16 17:43:49 2012 +0200
cp: avoid data-corrupting free-memory-read
NEWS entry:
cp could read from freed memory and could even make corrupt copies.
This could happen with a very fragmented and sparse input file,
on GNU/Linux file systems supporting fiemap extent scanning.
This bug also affects mv when it resorts to copying, and install.
[bug introduced in coreutils-8.11]
* src/extent-scan.c (extent_scan_read): Reset our last_ei
pointer whenever the parent buffer might have just been freed.
* tests/cp/fiemap-extent-FMR.sh: New test.
* tests/local.mk (all_tests): Add it.
* NEWS (Bug fixes): Mention it.
Reported by Mike Gerth in http://bugs.gnu.org/12656, and with
help from Alan Curry. Bug introduced in commit v8.10-60-g18f5a85.
Index: src/extent-scan.c
===================================================================
--- src/extent-scan.c.orig
+++ src/extent-scan.c
@@ -89,7 +89,7 @@ extern bool
extent_scan_read (struct extent_scan *scan)
{
unsigned int si = 0;
- struct extent_info *last_ei IF_LINT ( = scan->ext_info);
+ struct extent_info *last_ei = scan->ext_info;
while (true)
{
@@ -127,8 +127,14 @@ extent_scan_read (struct extent_scan *sc
assert (scan->ei_count <= SIZE_MAX - fiemap->fm_mapped_extents);
scan->ei_count += fiemap->fm_mapped_extents;
- scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
- sizeof (struct extent_info));
+ {
+ /* last_ei points into a buffer that may be freed via xnrealloc.
+ Record its offset and adjust after allocation. */
+ size_t prev_idx = last_ei - scan->ext_info;
+ scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
+ sizeof (struct extent_info));
+ last_ei = scan->ext_info + prev_idx;
+ }
unsigned int i = 0;
for (i = 0; i < fiemap->fm_mapped_extents; i++)
Index: tests/cp/fiemap-FMR
===================================================================
--- /dev/null
+++ tests/cp/fiemap-FMR
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Trigger a free-memory read bug in cp from coreutils-[8.11..8.19]
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ./src
+print_ver_ cp
+
+require_valgrind_
+require_perl_
+: ${PERL=perl}
+
+$PERL -e 'for (1..600) { sysseek (*STDOUT, 4096, 1)' \
+ -e '&& syswrite (*STDOUT, "a" x 1024) or die "$!"}' > j || fail=1
+valgrind --quiet --error-exitcode=3 cp j j2 || fail=1
+cmp j j2 || fail=1
+
+Exit $fail
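Review bot: the commit message lists the new test as tests/cp/fiemap-extent-FMR.sh registered in tests/local.mk, but this patch adds tests/cp/fiemap-FMR and registers it in tests/Makefile.am. State the renaming in the patch header so the log matches the files that are actually touched.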
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig
+++ tests/Makefile.am
@@ -331,6 +331,7 @@ TESTS = \
cp/existing-perm-race \
cp/fail-perm \
cp/fiemap-empty \
+ cp/fiemap-FMR \
cp/fiemap-perf \
cp/fiemap-2 \
cp/file-perm-race \
++++++ coreutils-fix_tac.patch ++++++
From cdd328f232a93fb40aec25d0681ef191eaeba2da Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Sun, 16 Oct 2011 10:35:56 +0200
Subject: [PATCH 1/3] maint: tac: remove sole use of sprintf in favor of
stpcpy
* src/tac.c (copy_to_temp): Use stpcpy rather than sprintf.
Move some declarations "down" to point of initialization.
---
src/tac.c | 17 +++++++----------
1 files changed, 7 insertions(+), 10 deletions(-)
Index: src/tac.c
===================================================================
--- src/tac.c.orig 2011-02-19 18:17:03.000000000 +0100
+++ src/tac.c 2011-10-17 15:46:27.879485098 +0200
@@ -426,20 +426,17 @@ copy_to_temp (FILE **g_tmp, char **g_tem
{
static char *template = NULL;
static char const *tempdir;
- char *tempfile;
- FILE *tmp;
- int fd;
if (template == NULL)
{
- char const * const Template = "%s/tacXXXXXX";
+ char const * const Template = "tacXXXXXX";
tempdir = getenv ("TMPDIR");
if (tempdir == NULL)
tempdir = DEFAULT_TMPDIR;
- /* Subtract 2 for `%s' and add 1 for the trailing NUL byte. */
- template = xmalloc (strlen (tempdir) + strlen (Template) - 2 + 1);
- sprintf (template, Template, tempdir);
+ /* Add 1 for the slash and one for the trailing NUL byte. */
+ template = xmalloc (strlen (tempdir) + strlen (Template) + 1 + 1);
+ stpcpy (stpcpy (stpcpy (template, tempdir), "/"), Template);
}
/* FIXME: there's a small window between a successful mkstemp call
@@ -451,21 +448,23 @@ copy_to_temp (FILE **g_tmp, char **g_tem
FIXME: clean up upon fatal signal. Don't block them, in case
$TMPFILE is a remote file system. */
- tempfile = template;
- fd = mkstemp (template);
+ char *tempfile = xstrdup (template);
+ int fd = mkstemp (tempfile);
if (fd < 0)
{
error (0, errno, _("cannot create temporary file in %s"),
quote (tempdir));
+ free (tempfile);
return false;
}
- tmp = fdopen (fd, (O_BINARY ? "w+b" : "w+"));
+ FILE *tmp = fdopen (fd, (O_BINARY ? "w+b" : "w+"));
if (! tmp)
{
error (0, errno, _("cannot open %s for writing"), quote (tempfile));
close (fd);
unlink (tempfile);
+ free (tempfile);
return false;
}
@@ -501,6 +500,7 @@ copy_to_temp (FILE **g_tmp, char **g_tem
Fail:
fclose (tmp);
+ free (tempfile);
return false;
}
@@ -512,8 +512,14 @@ tac_nonseekable (int input_fd, const cha
{
FILE *tmp_stream;
char *tmp_file;
- return (copy_to_temp (&tmp_stream, &tmp_file, input_fd, file)
- && tac_seekable (fileno (tmp_stream), tmp_file));
+
+ if (!copy_to_temp (&tmp_stream, &tmp_file, input_fd, file))
+ return false;
+
+ bool ok = tac_seekable (fileno (tmp_stream), tmp_file);
+ fclose (tmp_stream);
+ free (tmp_file);
+ return ok;
}
/* Print FILE in reverse, copying it to a temporary
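Review bot: the header describes [PATCH 1/3] as only replacing sprintf with stpcpy, with a diffstat of 7 insertions and 10 deletions in src/tac.c, but the hunks also switch mkstemp to a per-call xstrdup copy of the template, add free (tempfile) on the error paths, add fclose and free in tac_nonseekable, and add a new test. Carry the descriptions of the other changes that were folded in, since those are the ones that alter behaviour.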
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig 2011-10-17 15:40:44.533154336 +0200
+++ tests/Makefile.am 2011-10-17 15:40:44.882149592 +0200
@@ -270,6 +270,7 @@ TESTS = \
misc/sum-sysv \
misc/tac \
misc/tac-continue \
+ misc/tac-2-nonseekable \
misc/tail \
misc/tee \
misc/tee-dash \
Index: tests/misc/tac-2-nonseekable
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ tests/misc/tac-2-nonseekable 2011-10-17 15:40:44.883149578 +0200
@@ -0,0 +1,27 @@
+#!/bin/sh
+# ensure that tac works with two or more non-seekable inputs
+
+# Copyright (C) 2011 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ tac
+
+echo x | tac - - > out 2> err || fail=1
+echo x > exp || fail=1
+compare out exp || fail=1
+compare err /dev/null || fail=1
+
+Exit $fail
++++++ coreutils-getaddrinfo.patch ++++++
Index: gnulib-tests/test-getaddrinfo.c
===================================================================
--- gnulib-tests/test-getaddrinfo.c.orig 2010-03-13 16:21:08.000000000 +0100
+++ gnulib-tests/test-getaddrinfo.c 2010-05-05 14:51:40.343025353 +0200
@@ -88,11 +88,7 @@ simple (char const *host, char const *se
the test merely because someone is down the country on their
in-law's farm. */
if (res == EAI_AGAIN)
- {
- skip++;
- fprintf (stderr, "skipping getaddrinfo test: no network?\n");
- return 77;
- }
+ return 0;
/* IRIX reports EAI_NONAME for "https". Don't fail the test
merely because of this. */
if (res == EAI_NONAME)
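Review bot: returning 0 on EAI_AGAIN reports the test as passed although no lookup succeeded, where the removed code returned 77 and printed "skipping getaddrinfo test". If the aim is to keep builds without network access from failing, keep the skip status; as written a resolver failure cannot be told apart from a pass, and the "skip" counter that the removed code incremented may now be unused.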
++++++ coreutils-gl_printf_safe.patch ++++++
Index: configure
===================================================================
--- configure.orig 2011-10-12 11:45:49.000000000 +0200
+++ configure 2011-10-13 16:01:35.584691275 +0200
@@ -3641,7 +3641,6 @@ as_fn_append ac_func_list " alarm"
as_fn_append ac_header_list " sys/statvfs.h"
as_fn_append ac_header_list " sys/select.h"
as_fn_append ac_func_list " nl_langinfo"
-gl_printf_safe=yes
as_fn_append ac_header_list " priv.h"
as_fn_append ac_header_list " pthread.h"
as_fn_append ac_header_list " utmp.h"
Index: m4/gnulib-comp.m4
===================================================================
--- m4/gnulib-comp.m4.orig 2011-10-09 19:02:39.000000000 +0200
+++ m4/gnulib-comp.m4 2011-10-13 16:02:07.582261432 +0200
@@ -1417,7 +1417,6 @@ gl_POSIXTM
gl_POSIXVER
gl_FUNC_PRINTF_FREXP
gl_FUNC_PRINTF_FREXPL
-m4_divert_text([INIT_PREPARE], [gl_printf_safe=yes])
gl_PRIV_SET
AC_CHECK_DECLS([program_invocation_name], [], [], [#include ])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [#include ])
++++++ coreutils-i18n-infloop.patch ++++++
Index: src/sort.c
===================================================================
--- src/sort.c.orig 2011-01-05 14:27:40.227218942 +0100
+++ src/sort.c 2011-01-05 14:27:40.574228931 +0100
@@ -3134,7 +3134,8 @@ keycompare_mb (const struct line *a, con
if (MBLENGTH == (size_t)-2 || MBLENGTH == (size_t)-1) \
STATE = state_bak; \
if (!ignore) \
- COPY[NEW_LEN++] = TEXT[i++]; \
+ COPY[NEW_LEN++] = TEXT[i]; \
+ i++; \
continue; \
} \
\
++++++ coreutils-i18n-no-alloca.patch ++++++
From: Bernhard Voelker
Subject: sort, join, uniq: avoid segmentation fault with long input lines
The i18n patches used to make use of the alloca function which cannot
guarantee success, and the result can not be tested for success/failure.
From `man alloca`:
"If the allocation causes stack overflow, program behavior is undefined."
Simply replace all uses of alloca by xmalloc.
- Avoid segmentation fault in "join -i" with long line input
(bnc#798541, VUL-1)
Test case:
$ perl -e 'print "1","A"x50000000,"\r\n\r\n"' > /tmp/test.txt
$ join -i /tmp/test.txt /tmp/test.txt
* src/join.c: Instead of using unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas )
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
(bnc#798538, VUL-1)
Test cases:
$ perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d
$ perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M
* src/sort.c: Instead of using unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas )
- Avoid segmentation fault in "uniq" with long line input
(bnc#796243, VUL-1)
Test case:
$ perl -e 'print "1","\0"x50000000,"\r\n\r\n"' | uniq
* src/cut.c: Instead of using unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch)
---
src/join.c | 21 ++++++++++++++++++---
src/sort.c | 13 +++++++++----
src/uniq.c | 16 ++++++++++++----
3 files changed, 39 insertions(+), 11 deletions(-)
Index: src/join.c
===================================================================
--- src/join.c.orig
+++ src/join.c
@@ -478,6 +478,7 @@ keycmp (struct line const *line1, struct
size_t len[2]; /* Length of fields to compare. */
int diff;
int i, j;
+ int mallocd = 0;
if (jf_1 < line1->nfields)
{
@@ -519,7 +520,8 @@ keycmp (struct line const *line1, struct
for (i = 0; i < 2; i++)
{
- copy[i] = alloca (len[i] + 1);
+ mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
for (j = 0; j < MIN (len[0], len[1]);)
{
@@ -559,7 +561,8 @@ keycmp (struct line const *line1, struct
{
for (i = 0; i < 2; i++)
{
- copy[i] = alloca (len[i] + 1);
+ mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
for (j = 0; j < MIN (len[0], len[1]); j++)
copy[i][j] = toupper (beg[i][j]);
@@ -575,9 +578,21 @@ keycmp (struct line const *line1, struct
}
if (hard_LC_COLLATE)
- return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+ {
+ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
+
+ return diff;
+ }
+
diff = memcmp (copy[0], copy[1], MIN (len[0], len[1]));
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
if (diff)
return diff;
Index: src/sort.c
===================================================================
--- src/sort.c.orig
+++ src/sort.c
@@ -2830,13 +2830,13 @@ getmonth_mb (const char *s, size_t len,
if (len == 0)
return 0;
- month = (char *) alloca (len + 1);
+ month = (char *) xmalloc (len + 1);
- tmp = (char *) alloca (len + 1);
+ tmp = (char *) xmalloc (len + 1);
memcpy (tmp, s, len);
tmp[len] = '\0';
pp = (const char **)&tmp;
- month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t));
+ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
memset (&state, '\0', sizeof(mbstate_t));
wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
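Review bot: `xmalloc ((len + 1) * sizeof (wchar_t))` for month_wcs multiplies an input-derived length with no overflow check, and long input is exactly what this change is meant to survive. `xnmalloc (len + 1, sizeof (wchar_t))` performs the same allocation with the multiplication checked. The three buffers are released only before `return result` in the next hunk, so any return between this point and that one needs the same frees. The casts on the xmalloc results are not needed in C and can go.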
@@ -2875,6 +2875,10 @@ getmonth_mb (const char *s, size_t len,
result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name))
? monthtab[lo].val : 0);
+ free (month);
+ free (tmp);
+ free (month_wcs);
+
return result;
}
#endif
@@ -3136,7 +3140,7 @@ keycompare_mb (const struct line *a, con
{
if (ignore || translate)
{
- char *copy_a = (char *) alloca (lena + 1 + lenb + 1);
+ char *copy_a = xmalloc (lena + 1 + lenb + 1);
char *copy_b = copy_a + lena + 1;
size_t new_len_a, new_len_b;
size_t i, j;
@@ -3212,6 +3216,7 @@ keycompare_mb (const struct line *a, con
IGNORE_CHARS (new_len_b, lenb, textb, copy_b,
wc_b, mblength_b, state_b);
diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b);
+ free(copy_a);
}
else if (lena == 0)
diff = - NONZERO (lenb);
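Review bot: `free(copy_a);` lacks the space before the parenthesis that the other added calls use (`free (month);`, `free (tmp);`); write `free (copy_a);` for consistency. Freeing only copy_a is right, since copy_b is `copy_a + lena + 1` in the previous hunk, and a short comment saying so would stop someone adding a second free later.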
Index: src/uniq.c
===================================================================
--- src/uniq.c.orig
+++ src/uniq.c
@@ -349,14 +349,19 @@ different (char *old, char *new, size_t
{
size_t i;
- copy_old = alloca (oldlen + 1);
- copy_new = alloca (oldlen + 1);
+ copy_old = xmalloc (sizeof(char) * (oldlen + 1));
+ copy_new = xmalloc (sizeof(char) * (oldlen + 1));
for (i = 0; i < oldlen; i++)
{
copy_old[i] = toupper (old[i]);
copy_new[i] = toupper (new[i]);
}
+
+ bool rc = xmemcoll (copy_old, oldlen, copy_new, newlen);
+ free (copy_old);
+ free (copy_new);
+ return rc;
}
else
{
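Review bot: copy_new is allocated with `oldlen + 1` bytes and filled from `new[i]` for `i < oldlen`, but it is then passed to xmemcoll with newlen. If newlen can differ from oldlen at this point, the loop reads past the end of new or xmemcoll reads past the end of copy_new; size and fill copy_new by newlen, or make the length equality explicit before allocating. This was already the case with alloca, but the hunk rewrites these lines and is the place to fix it. `sizeof(char)` is 1 by definition and can be dropped.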
@@ -389,7 +394,7 @@ different_multi (const char *old, const
for (i = 0; i < 2; i++)
{
- copy[i] = alloca (len[i] + 1);
+ copy[i] = xmalloc (len[i] + 1);
for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++)
{
@@ -430,7 +435,10 @@ different_multi (const char *old, const
len[i] = j;
}
- return xmemcoll (copy[0], len[0], copy[1], len[1]);
+ int rc = xmemcoll (copy[0], len[0], copy[1], len[1]);
+ free (copy[0]);
+ free (copy[1]);
+ return rc;
}
#endif
++++++ coreutils-i18n-uninit.patch ++++++
Index: src/cut.c
===================================================================
--- src/cut.c.orig 2010-11-11 16:28:46.581137538 +0100
+++ src/cut.c 2010-11-11 16:30:04.886974551 +0100
@@ -868,7 +868,10 @@ cut_fields_mb (FILE *stream)
c = getc (stream);
empty_input = (c == EOF);
if (c != EOF)
- ungetc (c, stream);
+ {
+ ungetc (c, stream);
+ wc = 0;
+ }
else
wc = WEOF;
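Review bot: `wc = 0;` is added on the non-EOF branch with no comment, and this patch file has no description at all. The patch name says it addresses an uninitialized value; put that in a comment beside the assignment, along with why 0 is a safe value for whatever reads wc before the first character has been decoded.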
++++++ coreutils-invalid-ids.patch ++++++
While uid_t and gid_t are both unsigned, the values (uid_t) -1 and
(gid_t) -1 are reserved. A uid or gid argument of -1 to the chown(2)
system call means to leave the uid/gid unchanged. Catch this case
so that trying to set a uid or gid to -1 will result in an error.
Test cases:
chown 4294967295 file
chown :4294967295 file
chgrp 4294967295 file
Andreas Gruenbacher
Index: src/chgrp.c
===================================================================
--- src/chgrp.c.orig 2010-01-01 14:06:47.000000000 +0100
+++ src/chgrp.c 2010-05-05 14:03:28.279359192 +0200
@@ -89,7 +89,7 @@ parse_group (const char *name)
{
unsigned long int tmp;
if (! (xstrtoul (name, NULL, 10, &tmp, "") == LONGINT_OK
- && tmp <= GID_T_MAX))
+ && tmp <= GID_T_MAX && (gid_t) tmp != (gid_t) -1))
error (EXIT_FAILURE, 0, _("invalid group: %s"), quote (name));
gid = tmp;
}
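Review bot: the description lists `chown 4294967295 file` and `chown :4294967295 file` as test cases, but the only file changed is src/chgrp.c, so this hunk covers just the `chgrp 4294967295 file` case. Either include the chown-side check in the patch or say in the description where chown rejects the value. The test values also assume a 32-bit uid_t/gid_t; the `(gid_t) tmp != (gid_t) -1` comparison itself is width-independent, which is worth stating.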
++++++ coreutils-misc.patch ++++++
Index: gnulib-tests/test-isnanl.h
===================================================================
--- gnulib-tests/test-isnanl.h.orig 2011-10-09 19:02:27.000000000 +0200
+++ gnulib-tests/test-isnanl.h 2011-10-13 15:58:39.627054718 +0200
@@ -49,7 +49,7 @@ main ()
/* Quiet NaN. */
ASSERT (isnanl (NaNl ()));
-#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT
+#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT && 0
/* A bit pattern that is different from a Quiet NaN. With a bit of luck,
it's a Signalling NaN. */
{
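Review bot: appending `&& 0` to the `#if` silently compiles out the assertions that follow, and nothing in the patch says why. Add a comment naming the failure that motivated it (platform, compiler, bug reference) so the block can be re-enabled once that is fixed; a named macro in place of the bare `&& 0` would make the disabled state easier to find.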
@@ -91,6 +91,7 @@ main ()
{ LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) };
ASSERT (isnanl (x.value));
}
+#if 0
/* The isnanl function should recognize Pseudo-NaNs, Pseudo-Infinities,
Pseudo-Zeroes, Unnormalized Numbers, and Pseudo-Denormals, as defined in
Intel IA-64 Architecture Software Developer's Manual, Volume 1:
@@ -124,6 +125,7 @@ main ()
ASSERT (isnanl (x.value));
}
#endif
+#endif
return 0;
}
Index: tests/misc/help-version
===================================================================
--- tests/misc/help-version.orig 2011-07-28 12:38:27.000000000 +0200
+++ tests/misc/help-version 2011-10-13 15:58:39.628054705 +0200
@@ -250,6 +250,7 @@ parted_setup () { args="-s $tmp_in mklab
for i in $built_programs; do
# Skip these.
case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
+ case $i in df) continue;; esac
rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out $bigZ_in $zin $zin2
echo z |gzip > $zin
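Review bot: the added `case $i in df) continue;; esac` skips df without giving a reason, directly below a `# Skip these.` list that could take `df` as one more alternative. Fold it into the existing pattern or keep it separate with a comment explaining why df cannot run in this test, so the skip can be removed when the cause goes away.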
Index: tests/other-fs-tmpdir
===================================================================
--- tests/other-fs-tmpdir.orig 2011-07-28 12:38:27.000000000 +0200
+++ tests/other-fs-tmpdir 2011-10-13 16:01:02.181139986 +0200
@@ -44,6 +44,9 @@ for d in $CANDIDATE_TMP_DIRS; do
done
+# Autobuild hack
+test -f /bin/uname.bin && other_partition_tmpdir=
+
if test -z "$other_partition_tmpdir"; then
skip_ \
"requires a writable directory on a different disk partition,
++++++ coreutils-ptr_int_casts.patch ++++++
Index: src/join.c
===================================================================
--- src/join.c.orig 2010-11-11 16:29:37.000000000 +0100
+++ src/join.c 2010-11-11 17:04:33.776501344 +0100
@@ -1273,7 +1273,7 @@ main (int argc, char **argv)
case 't':
{
- char *newtab;
+ char *newtab = NULL;
size_t newtablen;
newtab = xstrdup (optarg);
#if HAVE_MBRTOWC
@@ -1295,7 +1295,7 @@ main (int argc, char **argv)
newtablen = 1;
if (! newtab)
{
- newtab = '\n'; /* '' => process the whole line. */
+ newtab = "\n"; /* '' => process the whole line. */
}
else if (optarg[1])
{
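Review bot: `newtab = "\n";` removes the char-to-pointer assignment, but newtab now holds either the heap copy from `xstrdup (optarg)` in the previous hunk or a string literal, through a non-const `char *`. If anything later frees or writes through newtab, the literal case breaks; `xstrdup ("\n")` keeps ownership uniform. Unless the code between the two hunks resets newtab, the `if (! newtab)` test is unreachable, because xstrdup does not return NULL, and the `= NULL` initializer added above is overwritten on the next statement.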
++++++ coreutils-remove_hostname_documentation.patch ++++++
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2011-04-04 13:43:03.000000000 +0200
+++ doc/coreutils.texi 2011-04-04 13:47:21.655051052 +0200
@@ -66,7 +66,6 @@
* groups: (coreutils)groups invocation. Print group names a user is in.
* head: (coreutils)head invocation. Output the first part of files.
* hostid: (coreutils)hostid invocation. Print numeric host identifier.
-* hostname: (coreutils)hostname invocation. Print or set system name.
* id: (coreutils)id invocation. Print user identity.
* install: (coreutils)install invocation. Copy and change attributes.
* join: (coreutils)join invocation. Join lines on a common field.
@@ -197,7 +196,7 @@ Free Documentation License''.
* File name manipulation:: dirname basename pathchk mktemp
* Working context:: pwd stty printenv tty
* User information:: id logname whoami groups users who
-* System context:: date arch nproc uname hostname hostid uptime
+* System context:: date arch nproc uname hostid uptime
* SELinux context:: chcon runcon
* Modified command invocation:: chroot env nice nohup stdbuf su timeout
* Process control:: kill
@@ -414,7 +413,6 @@ System context
* date invocation:: Print or set system date and time
* nproc invocation:: Print the number of processors
* uname invocation:: Print system information
-* hostname invocation:: Print or set system name
* hostid invocation:: Print numeric host identifier
* uptime invocation:: Print system uptime and load
@@ -13761,7 +13759,6 @@ information.
* arch invocation:: Print machine hardware name.
* nproc invocation:: Print the number of processors.
* uname invocation:: Print system information.
-* hostname invocation:: Print or set system name.
* hostid invocation:: Print numeric host identifier.
* uptime invocation:: Print system uptime and load.
@end menu
@@ -14523,15 +14520,6 @@ easily available, as is the case with Li
Print the machine hardware name (sometimes called the hardware class
or hardware type).
-@item -n
-@itemx --nodename
-@opindex -n
-@opindex --nodename
-@cindex hostname
-@cindex node name
-@cindex network node name
-Print the network node hostname.
-
@item -p
@itemx --processor
@opindex -p
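Review bot: the removed `@item -n` / `@itemx --nodename` entry sits between "Print the machine hardware name" and `@item -p` / `@itemx --processor`, which is the option list of uname, not the hostname node that the next hunk deletes. Dropping it leaves an option undocumented under uname in a patch whose name says it only removes hostname documentation. If that is intended, say so in the patch header; otherwise drop this hunk.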
@@ -14585,30 +14573,6 @@ Print the kernel version.
@exitstatus
-
-@node hostname invocation
-@section @command{hostname}: Print or set system name
-
-@pindex hostname
-@cindex setting the hostname
-@cindex printing the hostname
-@cindex system name, printing
-@cindex appropriate privileges
-
-With no arguments, @command{hostname} prints the name of the current host
-system. With one argument, it sets the current host name to the
-specified string. You must have appropriate privileges to set the host
-name. Synopsis:
-
-@example
-hostname [@var{name}]
-@end example
-
-The only options are @option{--help} and @option{--version}. @xref{Common
-options}.
-
-@exitstatus
-
@node hostid invocation
@section @command{hostid}: Print numeric host identifier
Index: man/Makefile.am
===================================================================
--- man/Makefile.am.orig 2011-01-01 22:19:23.000000000 +0100
+++ man/Makefile.am 2011-01-05 14:27:40.742233767 +0100
@@ -197,7 +197,7 @@ check-x-vs-1:
@PATH=../src$(PATH_SEPARATOR)$$PATH; export PATH; \
t=$@-t; \
(cd $(srcdir) && ls -1 *.x) | sed 's/\.x$$//' | $(ASSORT) > $$t;\
- (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) \
+ (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) hostid \
| tr -s ' ' '\n' | sed 's/\.1$$//') \
| $(ASSORT) -u | diff - $$t || { rm $$t; exit 1; }; \
rm $$t
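Review bot: the name added to the echo list is `hostid`, while every other hunk in this patch removes `hostname`. If the goal is to keep check-x-vs-1 passing once the hostname page is no longer in the list, hostname is the name that would be expected here. Confirm which is meant and record the reason in the patch header.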
Index: man/Makefile.in
===================================================================
--- man/Makefile.in.orig 2011-01-04 12:23:07.000000000 +0100
+++ man/Makefile.in 2011-01-05 14:27:40.768234515 +0100
@@ -1641,7 +1641,7 @@ check-x-vs-1:
@PATH=../src$(PATH_SEPARATOR)$$PATH; export PATH; \
t=$@-t; \
(cd $(srcdir) && ls -1 *.x) | sed 's/\.x$$//' | $(ASSORT) > $$t;\
- (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) \
+ (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) hostid \
| tr -s ' ' '\n' | sed 's/\.1$$//') \
| $(ASSORT) -u | diff - $$t || { rm $$t; exit 1; }; \
rm $$t
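Review bot: man/Makefile.in is generated from man/Makefile.am, and this hunk repeats the Makefile.am edit by hand. Patching only Makefile.am and regenerating during the build avoids the two copies drifting apart on the next version update.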
++++++ coreutils-sysinfo.patch ++++++
Index: src/uname.c
===================================================================
--- src/uname.c.orig 2010-01-01 14:06:47.000000000 +0100
+++ src/uname.c 2010-05-05 13:58:03.471359120 +0200
@@ -339,6 +339,36 @@ main (int argc, char **argv)
# endif
}
#endif
+ if (element == unknown)
+ {
+ struct utsname name;
+ static char processor[sizeof (name.machine)];
+ if (uname (&name) != 0)
+ error (EXIT_FAILURE, errno, _("cannot get system name"));
+ strcpy (processor, name.machine);
+ element = processor;
+#ifdef __linux__
+ if (!strcmp (element, "i686"))
+ {
+ /* Check for Athlon */
+ char line[1024];
+ FILE *f = fopen ("/proc/cpuinfo", "r");
+ if (f)
+ {
+ while (fgets (line, sizeof (line), f) > 0)
+ {
+ if (strncmp (line, "vendor_id", 9) == 0)
+ {
+ if (strstr (line, "AuthenticAMD"))
+ element = "athlon";
+ break;
+ }
+ }
+ fclose (f);
+ }
+ }
+#endif
+ }
if (! (toprint == UINT_MAX && element == unknown))
print_element (element);
}
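Review bot: `while (fgets (line, sizeof (line), f) > 0)` applies a relational comparison to the pointer fgets returns; test it with `!= NULL`. The block also reports "athlon" for every i686 whose vendor_id line contains AuthenticAMD, which deserves a comment on why the vendor alone is treated as sufficient. `strcpy (processor, name.machine)` is safe only because processor is declared with `sizeof (name.machine)`; a one-line comment would keep that coupling visible.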
@@ -364,6 +394,18 @@ main (int argc, char **argv)
element = hardware_platform;
}
#endif
+ if (element == unknown)
+ {
+ struct utsname name;
+ static char hardware_platform[sizeof (name.machine)];
+ if (uname (&name) != 0)
+ error (EXIT_FAILURE, errno, _("cannot get system name"));
+ strcpy (hardware_platform, name.machine);
+ if (hardware_platform[0] == 'i' && hardware_platform[2] == '8'
+ && hardware_platform[3] == '6' && hardware_platform[4] == 0)
+ hardware_platform[1] = '3';
+ element = hardware_platform;
+ }
if (! (toprint == UINT_MAX && element == unknown))
print_element (element);
}
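Review bot: the new `static char hardware_platform[...]` has the same name as the variable assigned in the context line `element = hardware_platform;` just above, which makes the block hard to read and invites shadowing warnings; give the fallback buffer its own name. The index test on positions 0, 2, 3 and 4 followed by `hardware_platform[1] = '3';` rewrites any iX86 string to i386 and needs a comment saying that this normalization is the intent.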
++++++ su.default ++++++
# Per default, only "su -" will set a new PATH.
# If this variable is changed to "yes" (default is "no"),
# every su call will overwrite the PATH variable.
ALWAYS_SET_PATH=no
# Default path.
PATH=/usr/local/bin:/bin:/usr/bin
# Default path for a user invoking su to root.
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
++++++ su.pamd ++++++
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so