commit coreutils.1252 for openSUSE:12.1:Update

Hello community, here is the log from the commit of package coreutils.1252 for openSUSE:12.1:Update checked in at 2013-02-04 13:53:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/coreutils.1252 (Old) and /work/SRC/openSUSE:12.1:Update/.coreutils.1252.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "coreutils.1252", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-01-09 19:40:42.352580873 +0100 +++ /work/SRC/openSUSE:12.1:Update/.coreutils.1252.new/coreutils.changes 2013-02-04 13:53:49.000000000 +0100 @@ -0,0 +1,2008 @@ +------------------------------------------------------------------- +Wed Jan 23 12:26:20 UTC 2013 - mail@bernhard-voelker.de + +- Avoid segmentation fault in "join -i" with long line input + (bnc#798541, VUL-1, CVE-2013-0223) + +- Avoid segmentation fault in "uniq" with long line input + (bnc#796243, VUL-1, CVE-2013-0222) + +- Avoid segmentation fault in "sort -d" and "sort -M" with long line input + (bnc#798538, VUL-1, CVE-2013-0221) + +------------------------------------------------------------------- +Mon Nov 26 13:27:07 CET 2012 - pth@suse.de + +- Set permissions on /bin/su, not the non-existant /usr/bin/su + (bnc#791026). + +------------------------------------------------------------------- +Tue Nov 6 23:33:47 UTC 2012 - mail@bernhard-voelker.de + +- Add coreutils-cp-corrupt-fragmented-sparse.patch from upstream: + + * cp could read from freed memory and could even make corrupt copies. + This could happen with a very fragmented and sparse input file, + on GNU/Linux file systems supporting fiemap extent scanning. + This bug also affects mv when it resorts to copying, and install. + [bug introduced in coreutils-8.11] + (bnc#788459, gnu#12656) + +------------------------------------------------------------------- +Fri Sep 21 09:35:45 UTC 2012 - froh@suse.com + +- fix coreutils-8.9-singlethreaded-sort.patch to honor + OMP_NUM_THREADS again. (bnc#781992) + +------------------------------------------------------------------- +Fri Apr 27 12:54:33 CEST 2012 - pth@suse.de + +- Make stdbuf binary find libstdbuf.so by looking in the right + path (bnc#741241). + +------------------------------------------------------------------- +Tue Mar 27 02:47:16 CEST 2012 - pth@suse.de + +- Add support for environment variable SU_C_SAME_SESSION + that makes -c behave like -C and document it in + coreutils.info and su(1) (bnc#697897). + +------------------------------------------------------------------- +Mon Oct 17 15:25:21 CEST 2011 - pth@suse.de + +- Add upstream patch that fixes three bugs in tac: + - remove sole use of sprintf in favor of stpcpy + - don't misbehave with multiple non-seekable inputs + - don't leak a file descriptor for each non-seekable input + +------------------------------------------------------------------- +Fri Oct 14 16:51:48 CEST 2011 - pth@suse.de + +- Uniformly use german quotes not french ones in german messages. + +------------------------------------------------------------------- +Thu Oct 13 16:07:16 CEST 2011 - pth@suse.de + +- Update to 8.14. Changes since 8.12: + Bug fixes: + + - ls --dereference no longer outputs erroneous "argetm" strings for + dangling symlinks when an 'ln=target' entry is in $LS_COLORS. + [bug introduced in fileutils-4.0] + + - ls -lL symlink once again properly prints "+" when the referent has + an ACL. [bug introduced in coreutils-8.13] + + - sort -g no longer infloops for certain inputs containing NaNs [bug + introduced in coreutils-8.5] + + - chown and chgrp with the -v --from= options, now output the correct + owner. I.E. for skipped files, the original ownership is output, + not the new one. [bug introduced in sh-utils-2.0g] + + - cp -r could mistakenly change the permissions of an existing + destination directory. [bug introduced in coreutils-6.8] + + - cp -u -p would fail to preserve one hard link for each up-to-date + copy of a src-hard-linked name in the destination tree. I.e., if + s/a and s/b are hard-linked and dst/s/a is up to date, "cp -up s + dst" would copy s/b to dst/s/b rather than simply linking dst/s/b + to dst/s/a. [This bug appears to have been present in "the + beginning".] + + - fts-using tools (rm, du, chmod, chgrp, chown, chcon) no longer use + memory proportional to the number of entries in each directory they + process. Before, rm -rf 4-million-entry-directory would consume + about 1GiB of memory. Now, it uses less than 30MB, no matter how + many entries there are. [this bug was inherent in the use of fts: + thus, for rm the bug was introduced in coreutils-8.0. The prior + implementation of rm did not use as much memory. du, chmod, chgrp + and chown started using fts in 6.0. chcon was added in + coreutils-6.9.91 with fts support. ] + + - pr -T no longer ignores a specified LAST_PAGE to stop at. [bug + introduced in textutils-1.19q] + + - printf '%d' '"' no longer accesses out-of-bounds memory in the + diagnostic. [bug introduced in sh-utils-1.16] + + - split --number l/... no longer creates extraneous files in certain + cases. [bug introduced in coreutils-8.8] + + - timeout now sends signals to commands that create their own process + group. timeout is no longer confused when starting off with a + child process. [bugs introduced in coreutils-7.0] + + - unexpand -a now aligns correctly when there are spaces spanning a + tabstop, followed by a tab. In that case a space was dropped, + causing misalignment. We also now ensure that a space never + precedes a tab. [bug introduced in coreutils-5.3.0] + + New features: + + - date now accepts ISO 8601 date-time strings with "T" as the + separator. It has long parsed dates like "2004-02-29 16:21:42" + with a space between the date and time strings. Now it also parses + "2004-02-29T16:21:42" and fractional-second and time-zone-annotated + variants like "2004-02-29T16:21:42.333-07:00" + - md5sum accepts the new --strict option. With --check, it makes the + tool exit non-zero for any invalid input line, rather than just warning. + This also affects sha1sum, sha224sum, sha384sum and sha512sum. + + - split accepts a new --filter=CMD option. With it, split filters + output through CMD. CMD may use the $FILE environment variable, + which is set to the nominal output file name for each invocation of + CMD. For example, to split a file into 3 approximately equal + parts, which are then compressed: + + split -n3 --filter='xz > $FILE.xz' big + + Note the use of single quotes, not double quotes. That creates + files named xaa.xz, xab.xz and xac.xz. + + - timeout accepts a new --foreground option, to support commands not + started directly from a shell prompt, where the command is + interactive or needs to receive signals initiated from the + terminal. + + Improvements: + + - md5sum --check now supports the -r format from the corresponding + BSD tool. This also affects sha1sum, sha224sum, sha384sum and + sha512sum. + + - pwd now works also on systems without openat. On such systems, pwd + would fail when run from a directory whose absolute name contained + more than PATH_MAX / 3 components. The df, stat and readlink + programs are also affected due to their use of the canonicalize_* + functions. + + - join --check-order now prints "join: FILE:LINE_NUMBER: bad_line" + for an unsorted input, rather than e.g., "join: file 1 is not in + sorted order". + + - shuf outputs small subsets of large permutations much more + efficiently. For example `shuf -i1-$((2**32-1)) -n2` no longer + exhausts memory. + + - stat -f now recognizes the GPFS, MQUEUE and PSTOREFS file system + types. + + - timeout now supports sub-second timeouts. + + Changes in behavior: + + - chmod, chown and chgrp now output the original attributes in + messages, when -v or -c specified. + + - cp -au (where --preserve=links is implicit) may now replace newer + files in the destination, to mirror hard links from the source. + +------------------------------------------------------------------- +Sat Sep 17 23:29:33 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Tue Aug 2 00:26:05 UTC 2011 - lchiquitto@suse.com + +- file-has-acl: use acl_extended_file_nofollow if available to + avoid triggering unwanted AutoFS mounts (bnc#701659). + +------------------------------------------------------------------- +Tue May 3 16:42:41 CEST 2011 - pth@suse.de + +- Remove services. + +------------------------------------------------------------------- ++++ 1811 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.coreutils.1252.new/coreutils.changes New: ---- baselibs.conf coreutils-8.14.de.po.xz coreutils-8.14.tar.xz coreutils-8.6-compile-su-with-fpie.diff coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff coreutils-8.6-i18n.patch coreutils-8.6-log-all-su-attempts.diff coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff coreutils-8.6-pam-support-for-su.diff coreutils-8.6-set-sane-default-path.diff coreutils-8.6-update-man-page-for-pam.diff coreutils-8.9-singlethreaded-sort.patch coreutils-acl-nofollow.patch coreutils-bnc#697897-setsid.patch coreutils-cp-corrupt-fragmented-sparse.patch coreutils-fix_tac.patch coreutils-getaddrinfo.patch coreutils-gl_printf_safe.patch coreutils-i18n-infloop.patch coreutils-i18n-no-alloca.patch coreutils-i18n-uninit.patch coreutils-invalid-ids.patch coreutils-misc.patch coreutils-ptr_int_casts.patch coreutils-remove_hostname_documentation.patch coreutils-sysinfo.patch coreutils.changes coreutils.spec su.default su.pamd ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ coreutils.spec ++++++ # # spec file for package coreutils # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: coreutils Summary: GNU Core Utilities License: GFDL-1.2 and GPL-2.0+ and GPL-3.0+ Group: System/Base BuildRequires: help2man BuildRequires: libacl-devel BuildRequires: libcap-devel BuildRequires: libselinux-devel BuildRequires: pam-devel BuildRequires: xz Url: http://www.gnu.org/software/coreutils/ Version: 8.14 Release: 0 Provides: fileutils = %{version} Provides: mktemp = %{version} Provides: sh-utils = %{version} Provides: stat = %{version} Provides: textutils = %{version} Obsoletes: fileutils < %{version} Obsoletes: libselinux <= 1.23.11-3 Obsoletes: libselinux-32bit = 9 Obsoletes: libselinux-64bit = 9 Obsoletes: libselinux-x86 = 9 Obsoletes: mktemp < %{version} Obsoletes: sh-utils < %{version} Obsoletes: stat < %version} Obsoletes: textutils < %{version} PreReq: %{install_info_prereq} Recommends: %{name}-lang = %version Requires: pam >= 1.1.1.90 Source: coreutils-%{version}.tar.xz Source1: su.pamd Source2: su.default Source3: baselibs.conf Source4: coreutils-8.14.de.po.xz Patch0: coreutils-misc.patch Patch1: coreutils-remove_hostname_documentation.patch Patch2: coreutils-gl_printf_safe.patch Patch4: coreutils-8.6-i18n.patch Patch5: coreutils-i18n-uninit.patch Patch6: coreutils-i18n-infloop.patch Patch8: coreutils-sysinfo.patch Patch16: coreutils-invalid-ids.patch Patch20: coreutils-8.6-pam-support-for-su.diff Patch21: coreutils-8.6-update-man-page-for-pam.diff Patch22: coreutils-8.6-log-all-su-attempts.diff Patch23: coreutils-8.6-set-sane-default-path.diff Patch24: coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff Patch25: coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff # Patch30: coreutils-8.6-compile-su-with-fpie.diff Patch31: coreutils-getaddrinfo.patch Patch32: coreutils-ptr_int_casts.patch Patch33: coreutils-8.9-singlethreaded-sort.patch Patch34: coreutils-bnc#697897-setsid.patch Patch35: coreutils-acl-nofollow.patch Patch36: coreutils-fix_tac.patch #PATCH-FIX-UPSTREAM will be included in 8.20 [bnc#788459, bnc#788461] Patch37: coreutils-cp-corrupt-fragmented-sparse.patch #PATCH-FIX-SUSE avoid crashes due to alloca() in SUSE's i18n patch. Patch38: coreutils-i18n-no-alloca.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # this will create a cycle, broken up randomly - coreutils is just too core to have other # prerequires #PreReq: permissions %description Basic file, shell, and text manipulation utilities. The package contains the following programs: [ arch base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd df dir dircolors dirname du echo env expand expr factor false fmt fold groups head id install join kill link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac tail tee test timeout touch tr true tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes %lang_package %prep %setup -q %patch4 %patch5 %patch6 %patch0 %patch1 %patch2 %patch8 %patch16 %patch20 %patch21 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 # %patch30 -p1 %patch31 %patch32 %patch33 %patch34 %patch35 %patch36 %patch37 %patch38 xz -dc %{S:4} >po/de.po %build AUTOPOINT=true autoreconf -fi export CFLAGS="%optflags -Wall" %configure --libexecdir=%{_libdir} \ --without-included-regex \ --enable-install-program=arch,su \ gl_cv_func_printf_directive_n=yes \ gl_cv_func_isnanl_works=yes \ DEFAULT_POSIX2_VERSION=199209 make -C po update-po make %{?_smp_mflags} V=1 %install %makeinstall pkglibexecdir=%{_libdir}/%{name} test -f %{buildroot}%{_bindir}/su || \ install src/su %{buildroot}%{_bindir}/su install -d %{buildroot}/bin for i in arch basename cat chgrp chmod chown cp date dd df echo false kill ln ls mkdir mknod mktemp mv pwd rm rmdir sleep sort stat stty su sync touch true uname readlink md5sum do mv %{buildroot}%{_bindir}/$i %{buildroot}/bin/$i test $i = su && echo -n '%%attr(4755,root,root) ' echo /bin/$i done > bin.files ln -sf ../../bin/{basename,sort,stat,touch,readlink,md5sum} %{buildroot}%{_bindir} install -d -m 755 %{buildroot}/etc/pam.d install -m 644 %{S:1} %{buildroot}/etc/pam.d/su install -m 644 %{S:1} %{buildroot}/etc/pam.d/su-l install -d -m 755 %{buildroot}/etc/default install -m 644 %{S:2} %{buildroot}/etc/default/su echo '.so man1/test.1' > %{buildroot}/%{_mandir}/man1/\[.1 %find_lang %name %post %install_info --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz # may fail if permissions is not there, but there is no way around that %set_permissions /bin/su %postun %install_info_delete --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz %verifyscript %verify_permissions -e /bin/su %files -f bin.files %defattr(-,root,root) %doc README NEWS %config %{_sysconfdir}/pam.d/su %config %{_sysconfdir}/pam.d/su-l %config(noreplace) %{_sysconfdir}/default/su %{_bindir}/* %{_libdir}/%{name} %doc %{_infodir}/coreutils.info*.gz %doc %{_mandir}/man1/*.1.gz %dir %{_prefix}/share/locale/*/LC_TIME %files lang -f %name.lang %defattr(-,root,root) %changelog ++++++ baselibs.conf ++++++ targettype x86 package coreutils +^/bin/uname$ prereq -glibc-x86 ++++++ coreutils-8.6-compile-su-with-fpie.diff ++++++

From d1a49cccf99373293a88f5bce74857d5bb813e46 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 17 Aug 2010 09:21:22 +0200 Subject: [PATCH 7/7] compile su with -fpie

--- lib/Makefile.am | 2 +- src/Makefile.am | 5 +++++ 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index b4a591b..059928e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ include gnulib.mk -AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS) -fpie libcoreutils_a_SOURCES += \ buffer-lcm.c buffer-lcm.h diff --git a/src/Makefile.am b/src/Makefile.am index 484f6c2..17600af 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -355,6 +355,11 @@ uptime_LDADD += $(GETLOADAVG_LIBS) su_SOURCES = su.c getdef.c su_LDADD += $(LIB_CRYPT) $(PAM_LIBS) +su_CFLAGS = -fpie +su_LDFLAGS = -pie +timeout_CFLAGS = -fpie +timeout_LDFLAGS = -pie + # for various ACL functions copy_LDADD += $(LIB_ACL) ls_LDADD += $(LIB_ACL) -- 1.7.1 ++++++ coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff ++++++

From d776b1b67eb1bc1b815426fdf22f38b25ef1e2df Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 9 Aug 2010 16:03:12 +0200 Subject: [PATCH 5/7] honor settings in /etc/default/su resp /etc/login.defs

--- src/Makefile.am | 1 + src/getdef.c | 259 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/getdef.h | 29 ++++++ src/su.c | 13 +++- 4 files changed, 300 insertions(+), 2 deletions(-) create mode 100644 src/getdef.c create mode 100644 src/getdef.h diff --git a/src/Makefile.am b/src/Makefile.am index bc27274..484f6c2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -352,6 +352,7 @@ factor_LDADD += $(LIB_GMP) uptime_LDADD += $(GETLOADAVG_LIBS) # for crypt and pam +su_SOURCES = su.c getdef.c su_LDADD += $(LIB_CRYPT) $(PAM_LIBS) # for various ACL functions diff --git a/src/getdef.c b/src/getdef.c new file mode 100644 index 0000000..e1872cf --- /dev/null +++ b/src/getdef.c @@ -0,0 +1,259 @@ +/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk + Author: Thorsten Kukuk + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 as + published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include + +#include "getdef.h" + +struct item { + char *name; /* Name of the option. */ + char *value; /* Value of the option. */ + struct item *next; /* Pointer to next option. */ +}; + +static struct item *list = NULL; + +void +free_getdef_data (void) +{ + struct item *ptr; + + ptr = list; + while (ptr != NULL) + { + struct item *tmp; + tmp = ptr->next; + free (ptr->name); + free (ptr->value); + free (ptr); + ptr = tmp; + } + + list = NULL; +} + +/* Add a new entry to the list. */ +static void +store (const char *name, const char *value) +{ + struct item *new = malloc (sizeof (struct item)); + + if (new == NULL) + abort (); + + if (name == NULL) + abort (); + + new->name = strdup (name); + new->value = strdup (value ?: ""); + new->next = list; + list = new; +} + +/* Search a special entry in the list and return the value. */ +static const char * +search (const char *name) +{ + struct item *ptr; + + ptr = list; + while (ptr != NULL) + { + if (strcasecmp (name, ptr->name) == 0) + return ptr->value; + ptr = ptr->next; + } + + return NULL; +} + +/* Load the login.defs file (/etc/login.defs). */ +static void +load_defaults_internal (const char *filename) +{ + FILE *fp; + char *buf = NULL; + size_t buflen = 0; + + fp = fopen (filename, "r"); + if (NULL == fp) + return; + + while (!feof (fp)) + { + char *tmp, *cp; +#if defined(HAVE_GETLINE) + ssize_t n = getline (&buf, &buflen, fp); +#elif defined (HAVE_GETDELIM) + ssize_t n = getdelim (&buf, &buflen, '\n', fp); +#else + ssize_t n; + + if (buf == NULL) + { + buflen = 8096; + buf = malloc (buflen); + } + buf[0] = '\0'; + fgets (buf, buflen - 1, fp); + if (buf != NULL) + n = strlen (buf); + else + n = 0; +#endif /* HAVE_GETLINE / HAVE_GETDELIM */ + cp = buf; + + if (n < 1) + break; + + tmp = strchr (cp, '#'); /* remove comments */ + if (tmp) + *tmp = '\0'; + while (isspace ((unsigned char) *cp)) /* remove spaces and tabs */ + ++cp; + if (*cp == '\0') /* ignore empty lines */ + continue; + + if (cp[strlen (cp) - 1] == '\n') + cp[strlen (cp) - 1] = '\0'; + + tmp = strsep (&cp, " \t="); + if (cp != NULL) + while (isspace ((unsigned char) *cp) || *cp == '=') + ++cp; + + store (tmp, cp); + } + fclose (fp); + + if (buf) + free (buf); +} + +static void +load_defaults (void) +{ + load_defaults_internal ("/etc/default/su"); + load_defaults_internal ("/etc/login.defs"); +} + +int +getdef_bool (const char *name, int dflt) +{ + const char *val; + + if (list == NULL) + load_defaults (); + + val = search (name); + + if (val == NULL) + return dflt; + + return (strcasecmp (val, "yes") == 0); +} + +long +getdef_num (const char *name, long dflt) +{ + const char *val; + char *cp; + long retval; + + if (list == NULL) + load_defaults (); + + val = search (name); + + if (val == NULL) + return dflt; + + errno = 0; + retval = strtol (val, &cp, 0); + if (*cp != '\0' + || ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE)) + { + fprintf (stderr, + "%s contains invalid numerical value: %s!\n", + name, val); + retval = dflt; + } + return retval; +} + +unsigned long +getdef_unum (const char *name, unsigned long dflt) +{ + const char *val; + char *cp; + unsigned long retval; + + if (list == NULL) + load_defaults (); + + val = search (name); + + if (val == NULL) + return dflt; + + errno = 0; + retval = strtoul (val, &cp, 0); + if (*cp != '\0' || (retval == ULONG_MAX && errno == ERANGE)) + { + fprintf (stderr, + "%s contains invalid numerical value: %s!\n", + name, val); + retval = dflt; + } + return retval; +} + +const char * +getdef_str (const char *name, const char *dflt) +{ + const char *retval; + + if (list == NULL) + load_defaults (); + + retval = search (name); + + return retval ?: dflt; +} + +#if defined(TEST) + +int +main () +{ + printf ("CYPT=%s\n", getdef_str ("cRypt", "no")); + printf ("LOG_UNKFAIL_ENAB=%s\n", getdef_str ("log_unkfail_enab","")); + printf ("DOESNOTEXIST=%s\n", getdef_str ("DOESNOTEXIST","yes")); + return 0; +} + +#endif diff --git a/src/getdef.h b/src/getdef.h new file mode 100644 index 0000000..2e86cf9 --- /dev/null +++ b/src/getdef.h @@ -0,0 +1,29 @@ +/* Copyright (C) 2003, 2005 Thorsten Kukuk + Author: Thorsten Kukuk + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 as + published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + +#ifndef _GETDEF_H_ + +#define _GETDEF_H_ 1 + +extern int getdef_bool (const char *name, int dflt); +extern long getdef_num (const char *name, long dflt); +extern unsigned long getdef_unum (const char *name, unsigned long dflt); +extern const char *getdef_str (const char *name, const char *dflt); + +/* Free all data allocated by getdef_* calls before. */ +extern void free_getdef_data (void); + +#endif /* _GETDEF_H_ */ diff --git a/src/su.c b/src/su.c index 0071622..eaef195 100644 --- a/src/su.c +++ b/src/su.c @@ -111,6 +111,8 @@ # include #endif +#include "getdef.h" + /* The default PATH for simulated logins to non-superuser accounts. */ #define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin" @@ -475,8 +477,8 @@ modify_environment (const struct passwd *pw, const char *shell) xsetenv ("USER", pw->pw_name); xsetenv ("LOGNAME", pw->pw_name); xsetenv ("PATH", (pw->pw_uid - ? DEFAULT_LOGIN_PATH - : DEFAULT_ROOT_LOGIN_PATH)); + ? getdef_str ("PATH", DEFAULT_LOGIN_PATH) + : getdef_str ("SUPATH", DEFAULT_ROOT_LOGIN_PATH))); } else { @@ -486,6 +488,12 @@ modify_environment (const struct passwd *pw, const char *shell) { xsetenv ("HOME", pw->pw_dir); xsetenv ("SHELL", shell); + if (getdef_bool ("ALWAYS_SET_PATH", 0)) + xsetenv ("PATH", (pw->pw_uid + ? getdef_str ("PATH", + DEFAULT_LOGIN_PATH) + : getdef_str ("SUPATH", + DEFAULT_ROOT_LOGIN_PATH))); if (pw->pw_uid) { xsetenv ("USER", pw->pw_name); @@ -720,6 +728,7 @@ main (int argc, char **argv) #ifdef SYSLOG_FAILURE log_su (pw, false); #endif + sleep (getdef_num ("FAIL_DELAY", 1)); error (EXIT_CANCELED, 0, _("incorrect password")); } #ifdef SYSLOG_SUCCESS -- 1.7.1 ++++++ coreutils-8.6-i18n.patch ++++++ ++++ 4160 lines (skipped) ++++++ coreutils-8.6-log-all-su-attempts.diff ++++++

From f2ea0c33d8c25ee40e7fe7a16d0994c8069bc120 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 17 Aug 2010 13:22:01 +0200 Subject: [PATCH 3/7] log all su attempts

--- src/su.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/su.c b/src/su.c index 1d3d007..2a9e423 100644 --- a/src/su.c +++ b/src/su.c @@ -75,6 +75,9 @@ #if HAVE_SYSLOG_H && HAVE_SYSLOG # include +# define SYSLOG_SUCCESS 1 +# define SYSLOG_FAILURE 1 +# define SYSLOG_NON_ROOT 1 #else # undef SYSLOG_SUCCESS # undef SYSLOG_FAILURE -- 1.7.1 ++++++ coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff ++++++

From b43728c1f0c7abe90e73369542564d3ad4704963 Mon Sep 17 00:00:00 2001 From: Werner Fink Date: Tue, 17 Aug 2010 09:09:55 +0200 Subject: [PATCH 6/7] make sure /sbin resp /usr/sbin are in PATH

--- src/su.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 127 insertions(+), 0 deletions(-) diff --git a/src/su.c b/src/su.c index eaef195..d78f968 100644 --- a/src/su.c +++ b/src/su.c @@ -455,6 +455,117 @@ correct_password (const struct passwd *pw) #endif /* !USE_PAM */ } +/* Add or clear /sbin and /usr/sbin for the su command + used without `-'. */ + +/* Set if /sbin is found in path. */ +#define SBIN_MASK 0x01 +/* Set if /usr/sbin is found in path. */ +#define USBIN_MASK 0x02 + +static char * +addsbin (const char *const path) +{ + unsigned char smask = 0; + char *ptr, *tmp, *cur, *ret = NULL; + size_t len; + + if (!path || *path == 0) + return NULL; + + tmp = xstrdup (path); + cur = tmp; + for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":")) + { + if (!strcmp (ptr, "/sbin")) + smask |= SBIN_MASK; + if (!strcmp (ptr, "/usr/sbin")) + smask |= USBIN_MASK; + } + + if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK)) + { + free (tmp); + return NULL; + } + + len = strlen (path); + if (!(smask & USBIN_MASK)) + len += strlen ("/usr/sbin:"); + + if (!(smask & SBIN_MASK)) + len += strlen (":/sbin"); + + ret = xmalloc (len + 1); + strcpy (tmp, path); + + *ret = 0; + cur = tmp; + for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":")) + { + if (!strcmp (ptr, ".")) + continue; + if (*ret) + strcat (ret, ":"); + if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin")) + { + strcat (ret, "/usr/sbin:"); + strcat (ret, ptr); + smask |= USBIN_MASK; + continue; + } + if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin")) + { + strcat (ret, ptr); + strcat (ret, ":/sbin"); + smask |= SBIN_MASK; + continue; + } + strcat (ret, ptr); + } + free (tmp); + + if (!(smask & USBIN_MASK)) + strcat (ret, ":/usr/sbin"); + + if (!(smask & SBIN_MASK)) + strcat (ret, ":/sbin"); + + return ret; +} + +static char * +clearsbin (const char *const path) +{ + char *ptr, *tmp, *cur, *ret = NULL; + + if (!path || *path == 0) + return NULL; + + tmp = strdup (path); + if (!tmp) + return NULL; + + ret = xmalloc (strlen (path) + 1); + *ret = 0; + cur = tmp; + for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":")) + { + if (!strcmp (ptr, "/sbin")) + continue; + if (!strcmp (ptr, "/usr/sbin")) + continue; + if (!strcmp (ptr, "/usr/local/sbin")) + continue; + if (*ret) + strcat (ret, ":"); + strcat (ret, ptr); + } + free (tmp); + + return ret; +} + /* Update `environ' for the new shell based on PW, with SHELL being the value for the SHELL environment variable. */ @@ -494,6 +605,22 @@ modify_environment (const struct passwd *pw, const char *shell) DEFAULT_LOGIN_PATH) : getdef_str ("SUPATH", DEFAULT_ROOT_LOGIN_PATH))); + else + { + char const *path = getenv ("PATH"); + char *new = NULL; + + if (pw->pw_uid) + new = clearsbin (path); + else + new = addsbin (path); + + if (new) + { + xsetenv ("PATH", new); + free (new); + } + } if (pw->pw_uid) { xsetenv ("USER", pw->pw_name); -- 1.7.1 ++++++ coreutils-8.6-pam-support-for-su.diff ++++++

From 8b1e75c55ea6be5c8639c98b73ecfa0cf15226ce Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 17 Aug 2010 13:21:44 +0200 Subject: [PATCH 1/7] pam support for su

--- configure.ac | 14 +++ src/Makefile.am | 4 +- src/su.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 278 insertions(+), 6 deletions(-) Index: configure.ac =================================================================== --- configure.ac.orig 2011-01-03 13:27:37.268088087 +0100 +++ configure.ac 2011-01-03 13:28:05.256895209 +0100 @@ -134,6 +134,20 @@ fi AC_FUNC_FORK +AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam], + [Enable PAM support in su (default=auto)]), , [enable_pam=yes]) +if test "x$enable_pam" != xno; then + AC_CHECK_LIB([pam], [pam_start], [enable_pam=yes], [enable_pam=no]) + AC_CHECK_LIB([pam_misc], [misc_conv], [:], [enable_pam=no]) + if test "x$enable_pam" != xno; then + AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM]) + PAM_LIBS="-lpam -lpam_misc" + AC_SUBST(PAM_LIBS) + fi +fi +AC_MSG_CHECKING([whether to enable PAM support in su]) +AC_MSG_RESULT([$enable_pam]) + optional_bin_progs= AC_CHECK_FUNCS([chroot], gl_ADD_PROG([optional_bin_progs], [chroot])) Index: src/Makefile.am =================================================================== --- src/Makefile.am.orig 2011-01-03 13:27:37.268088087 +0100 +++ src/Makefile.am 2011-01-03 13:28:16.038206110 +0100 @@ -351,8 +351,8 @@ factor_LDADD += $(LIB_GMP) # for getloadavg uptime_LDADD += $(GETLOADAVG_LIBS) -# for crypt -su_LDADD += $(LIB_CRYPT) +# for crypt and pam +su_LDADD += $(LIB_CRYPT) $(PAM_LIBS) # for various ACL functions copy_LDADD += $(LIB_ACL) Index: src/su.c =================================================================== --- src/su.c.orig 2011-01-03 13:27:37.268088087 +0100 +++ src/su.c 2011-01-03 13:28:16.177210120 +0100 @@ -37,6 +37,16 @@ restricts who can su to UID 0 accounts. RMS considers that to be fascist. +#ifdef USE_PAM + + Actually, with PAM, su has nothing to do with whether or not a + wheel group is enforced by su. RMS tries to restrict your access + to a su which implements the wheel group, but PAM considers that + to be fascist, and gives the user/sysadmin the opportunity to + enforce a wheel group by proper editing of /etc/pam.d/su + +#endif + Compile-time options: -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog. -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog. @@ -52,6 +62,13 @@ #include #include #include +#ifdef USE_PAM +#include +#include +#include +#include +#include +#endif #include "system.h" #include "getpass.h" @@ -111,7 +128,9 @@ /* The user to become if none is specified. */ #define DEFAULT_USER "root" +#ifndef USE_PAM char *crypt (char const *key, char const *salt); +#endif static void run_shell (char const *, char const *, char **, size_t) ATTRIBUTE_NORETURN; @@ -125,6 +144,11 @@ static bool simulate_login; /* If true, change some environment vars to indicate the user su'd to. */ static bool change_environment; +#ifdef USE_PAM +static bool _pam_session_opened; +static bool _pam_cred_established; +#endif + static struct option const longopts[] = { {"command", required_argument, NULL, 'c'}, @@ -200,7 +224,164 @@ log_su (struct passwd const *pw, bool su } #endif +#ifdef USE_PAM +#define PAM_SERVICE_NAME PROGRAM_NAME +#define PAM_SERVICE_NAME_L PROGRAM_NAME "-l" +static sig_atomic_t volatile caught_signal = false; +static pam_handle_t *pamh = NULL; +static int retval; +static struct pam_conv conv = +{ + misc_conv, + NULL +}; + +#define PAM_BAIL_P(a) \ + if (retval) \ + { \ + pam_end (pamh, retval); \ + a; \ + } + +static void +cleanup_pam (int retcode) +{ + if (_pam_session_opened) + pam_close_session (pamh, 0); + + if (_pam_cred_established) + pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); + + pam_end(pamh, retcode); +} + +/* Signal handler for parent process. */ +static void +su_catch_sig (int sig) +{ + caught_signal = true; +} + +/* Export env variables declared by PAM modules. */ +static void +export_pamenv (void) +{ + char **env; + + /* This is a copy but don't care to free as we exec later anyways. */ + env = pam_getenvlist (pamh); + while (env && *env) + { + if (putenv (*env) != 0) + xalloc_die (); + env++; + } +} + +static void +create_watching_parent (void) +{ + pid_t child; + sigset_t ourset; + int status = 0; + + retval = pam_open_session (pamh, 0); + if (retval != PAM_SUCCESS) + { + cleanup_pam (retval); + error (EXIT_FAILURE, 0, _("cannot not open session: %s"), + pam_strerror (pamh, retval)); + } + else + _pam_session_opened = 1; + + child = fork (); + if (child == (pid_t) -1) + { + cleanup_pam (PAM_ABORT); + error (EXIT_FAILURE, errno, _("cannot create child process")); + } + + /* the child proceeds to run the shell */ + if (child == 0) + return; + + /* In the parent watch the child. */ + + /* su without pam support does not have a helper that keeps + sitting on any directory so let's go to /. */ + if (chdir ("/") != 0) + error (0, errno, _("warning: cannot change directory to %s"), "/"); + + sigfillset (&ourset); + if (sigprocmask (SIG_BLOCK, &ourset, NULL)) + { + error (0, errno, _("cannot block signals")); + caught_signal = true; + } + if (!caught_signal) + { + struct sigaction action; + action.sa_handler = su_catch_sig; + sigemptyset (&action.sa_mask); + action.sa_flags = 0; + sigemptyset (&ourset); + if (sigaddset (&ourset, SIGTERM) + || sigaddset (&ourset, SIGALRM) + || sigaction (SIGTERM, &action, NULL) + || sigprocmask (SIG_UNBLOCK, &ourset, NULL)) + { + error (0, errno, _("cannot set signal handler")); + caught_signal = true; + } + } + if (!caught_signal) + { + pid_t pid; + for (;;) + { + pid = waitpid (child, &status, WUNTRACED); + + if (pid != (pid_t)-1 && WIFSTOPPED (status)) + { + kill (getpid (), SIGSTOP); + /* once we get here, we must have resumed */ + kill (pid, SIGCONT); + } + else + break; + } + if (pid != (pid_t)-1) + if (WIFSIGNALED (status)) + status = WTERMSIG (status) + 128; + else + status = WEXITSTATUS (status); + else + status = 1; + } + else + status = 1; + + if (caught_signal) + { + fprintf (stderr, _("\nSession terminated, killing shell...")); + kill (child, SIGTERM); + } + + cleanup_pam (PAM_SUCCESS); + + if (caught_signal) + { + sleep (2); + kill (child, SIGKILL); + fprintf (stderr, _(" ...killed.\n")); + } + exit (status); +} +#endif + /* Ask the user for a password. + If PAM is in use, let PAM ask for the password if necessary. Return true if the user gives the correct password for entry PW, false if not. Return true without asking for a password if run by UID 0 or if PW has an empty password. */ @@ -208,10 +389,52 @@ log_su (struct passwd const *pw, bool su static bool correct_password (const struct passwd *pw) { +#ifdef USE_PAM + const struct passwd *lpw; + const char *cp; + + retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME, + pw->pw_name, &conv, &pamh); + PAM_BAIL_P (return false); + + if (isatty (0) && (cp = ttyname (0)) != NULL) + { + const char *tty; + + if (strncmp (cp, "/dev/", 5) == 0) + tty = cp + 5; + else + tty = cp; + retval = pam_set_item (pamh, PAM_TTY, tty); + PAM_BAIL_P (return false); + } +#if 0 /* Manpage discourages use of getlogin. */ + cp = getlogin (); + if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ())) +#endif + lpw = getpwuid (getuid ()); + if (lpw && lpw->pw_name) + { + retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name); + PAM_BAIL_P (return false); + } + retval = pam_authenticate (pamh, 0); + PAM_BAIL_P (return false); + retval = pam_acct_mgmt (pamh, 0); + if (retval == PAM_NEW_AUTHTOK_REQD) + { + /* Password has expired. Offer option to change it. */ + retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + PAM_BAIL_P (return false); + } + PAM_BAIL_P (return false); + /* Must be authenticated if this point was reached. */ + return true; +#else /* !USE_PAM */ char *unencrypted, *encrypted, *correct; #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP /* Shadow passwd stuff for SVR3 and maybe other systems. */ - struct spwd *sp = getspnam (pw->pw_name); + const struct spwd *sp = getspnam (pw->pw_name); endspent (); if (sp) @@ -232,6 +455,7 @@ correct_password (const struct passwd *p encrypted = crypt (unencrypted, correct); memset (unencrypted, 0, strlen (unencrypted)); return STREQ (encrypted, correct); +#endif /* !USE_PAM */ } /* Update `environ' for the new shell based on PW, with SHELL being @@ -274,19 +498,41 @@ modify_environment (const struct passwd } } } + +#ifdef USE_PAM + export_pamenv (); +#endif } /* Become the user and group(s) specified by PW. */ static void -change_identity (const struct passwd *pw) +init_groups (const struct passwd *pw) { #ifdef HAVE_INITGROUPS errno = 0; if (initgroups (pw->pw_name, pw->pw_gid) == -1) - error (EXIT_CANCELED, errno, _("cannot set groups")); + { +#ifdef USE_PAM + cleanup_pam (PAM_ABORT); +#endif + error (EXIT_FAILURE, errno, _("cannot set groups")); + } endgrent (); #endif + +#ifdef USE_PAM + retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); + if (retval != PAM_SUCCESS) + error (EXIT_FAILURE, 0, "%s", pam_strerror (pamh, retval)); + else + _pam_cred_established = 1; +#endif +} + +static void +change_identity (const struct passwd *pw) +{ if (setgid (pw->pw_gid)) error (EXIT_CANCELED, errno, _("cannot set group id")); if (setuid (pw->pw_uid)) @@ -500,9 +746,21 @@ main (int argc, char **argv) shell = NULL; } shell = xstrdup (shell ? shell : pw->pw_shell); - modify_environment (pw, shell); + + init_groups (pw); + +#ifdef USE_PAM + create_watching_parent (); + /* Now we're in the child. */ +#endif change_identity (pw); + + /* Set environment after pam_open_session, which may put KRB5CCNAME + into the pam_env, etc. */ + + modify_environment (pw, shell); + if (simulate_login && chdir (pw->pw_dir) != 0) error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir); ++++++ coreutils-8.6-set-sane-default-path.diff ++++++

From 3c13edc2b9aeab8f24e60a62ab5e8a8db554486f Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 9 Aug 2010 16:02:30 +0200 Subject: [PATCH 4/7] set sane default path

--- src/su.c | 12 ++---------- 1 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/su.c b/src/su.c index 2a9e423..0071622 100644 --- a/src/su.c +++ b/src/su.c @@ -112,18 +112,10 @@ #endif /* The default PATH for simulated logins to non-superuser accounts. */ -#ifdef _PATH_DEFPATH -# define DEFAULT_LOGIN_PATH _PATH_DEFPATH -#else -# define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin" -#endif +#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin" /* The default PATH for simulated logins to superuser accounts. */ -#ifdef _PATH_DEFPATH_ROOT -# define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT -#else -# define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc" -#endif +#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin" /* The shell to run if none is given in the user's passwd entry. */ #define DEFAULT_SHELL "/bin/sh" -- 1.7.1 ++++++ coreutils-8.6-update-man-page-for-pam.diff ++++++

From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 17 Aug 2010 08:59:35 +0200 Subject: [PATCH 2/7] update man page for pam

--- doc/coreutils.texi | 34 +++++----------------------------- 1 files changed, 5 insertions(+), 29 deletions(-) Index: doc/coreutils.texi =================================================================== --- doc/coreutils.texi.orig 2011-01-05 14:27:40.715232991 +0100 +++ doc/coreutils.texi 2011-01-05 14:27:41.929267939 +0100 @@ -15290,8 +15290,11 @@ to certain shells, etc.). @findex syslog @command{su} can optionally be compiled to use @code{syslog} to report failed, and optionally successful, @command{su} attempts. (If the system -supports @code{syslog}.) However, GNU @command{su} does not check if the -user is a member of the @code{wheel} group; see below. +supports @code{syslog}.) + +This version of @command{su} has support for using PAM for +authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l} +to customize its behaviour. The program accepts the following options. Also see @ref{Common options}. @@ -15372,33 +15375,6 @@ Exit status: the exit status of the subshell otherwise @end display -@cindex wheel group, not supported -@cindex group wheel, not supported -@cindex fascism -@subsection Why GNU @command{su} does not support the @samp{wheel} group - -(This section is by Richard Stallman.) - -@cindex Twenex -@cindex MIT AI lab -Sometimes a few of the users try to hold total power over all the -rest. For example, in 1984, a few users at the MIT AI lab decided to -seize power by changing the operator password on the Twenex system and -keeping it secret from everyone else. (I was able to thwart this coup -and give power back to the users by patching the kernel, but I -wouldn't know how to do that in Unix.) - -However, occasionally the rulers do tell someone. Under the usual -@command{su} mechanism, once someone learns the root password who -sympathizes with the ordinary users, he or she can tell the rest. The -``wheel group'' feature would make this impossible, and thus cement the -power of the rulers. - -I'm on the side of the masses, not that of the rulers. If you are -used to supporting the bosses and sysadmins in whatever they do, you -might find this idea strange at first. - - @node timeout invocation @section @command{timeout}: Run a command with a time limit ++++++ coreutils-8.9-singlethreaded-sort.patch ++++++ Index: src/sort.c =================================================================== --- src/sort.c.orig +++ src/sort.c @@ -5288,7 +5288,11 @@ main (int argc, char **argv) { if (!nthreads) { - unsigned long int np = num_processors (NPROC_CURRENT_OVERRIDABLE); + unsigned long int np; + if (getenv("OMP_NUM_THREADS")) + np = num_processors (NPROC_CURRENT_OVERRIDABLE); + else + np = 1; nthreads = MIN (np, DEFAULT_MAX_THREADS); } ++++++ coreutils-acl-nofollow.patch ++++++ commit 95f7c57ff4090a5dee062044d2c7b99879077808 Author: Kamil Dudka Date: Fri Jul 22 14:48:42 2011 +0200 file-has-acl: use acl_extended_file_nofollow if available * lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro. (acl_extended_file): New macro. * lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow. * m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow. This addresses http://bugzilla.redhat.com/692823. Index: lib/acl-internal.h =================================================================== --- lib/acl-internal.h.orig 2011-10-05 17:31:39.000000000 +0200 +++ lib/acl-internal.h 2011-10-13 16:02:40.895813897 +0200 @@ -133,6 +133,12 @@ rpl_acl_set_fd (int fd, acl_t acl) # endif /* Linux-specific */ +# ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW +# define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false +# define acl_extended_file_nofollow(name) (-1) +# endif + +/* Linux-specific */ # ifndef HAVE_ACL_FROM_MODE # define HAVE_ACL_FROM_MODE false # define acl_from_mode(mode) (NULL) Index: lib/file-has-acl.c =================================================================== --- lib/file-has-acl.c.orig 2011-10-05 17:31:39.000000000 +0200 +++ lib/file-has-acl.c 2011-10-13 16:02:40.895813897 +0200 @@ -454,12 +454,20 @@ file_has_acl (char const *name, struct s /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */ int ret; - if (HAVE_ACL_EXTENDED_FILE) /* Linux */ + if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */ { +# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW + /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent + unnecessary mounts, but it returns the same result as we already + know that NAME is not a symbolic link at this point (modulo the + TOCTTOU race condition). */ + ret = acl_extended_file_nofollow (name); +# else /* On Linux, acl_extended_file is an optimized function: It only makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for ACL_TYPE_DEFAULT. */ ret = acl_extended_file (name); +# endif } else /* FreeBSD, MacOS X, IRIX, Tru64 */ { Index: m4/acl.m4 =================================================================== --- m4/acl.m4.orig 2011-10-05 17:31:39.000000000 +0200 +++ m4/acl.m4 2011-10-13 16:02:40.895813897 +0200 @@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL], AC_CHECK_FUNCS( [acl_get_file acl_get_fd acl_set_file acl_set_fd \ acl_free acl_from_mode acl_from_text \ - acl_delete_def_file acl_extended_file \ + acl_delete_def_file acl_extended_file acl_extended_file_nofollow \ acl_delete_fd_np acl_delete_file_np \ acl_copy_ext_native acl_create_entry_np \ acl_to_short_text acl_free_text]) Index: ChangeLog =================================================================== --- ChangeLog.orig 2011-10-12 11:56:55.000000000 +0200 +++ ChangeLog 2011-10-13 16:04:55.772001787 +0200 @@ -751,6 +751,14 @@ MacOS X 10.7 has an fdatasync that is not declared, and is rumored to be ineffective. (Bug#9141) +2011-07-22 Kamil Dudka + + file-has-acl: use acl_extended_file_nofollow if available + * lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro. + (acl_extended_file): New macro. + * lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow. + * m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow. + 2011-07-20 Mike Frysinger dircolors: add screen.Eterm terminal type ++++++ coreutils-bnc#697897-setsid.patch ++++++ Index: src/su.c =================================================================== --- src/su.c.orig 2012-03-27 03:56:34.823879996 +0200 +++ src/su.c 2012-03-27 03:56:53.452427731 +0200 @@ -141,6 +141,9 @@ static bool simulate_login; /* If true, change some environment vars to indicate the user su'd to. */ static bool change_environment; +/* If true, then don't call setsid() with a command. */ +int same_session = 0; + #ifdef USE_PAM static bool _pam_session_opened; static bool _pam_cred_established; @@ -149,6 +152,7 @@ static bool _pam_cred_established; static struct option const longopts[] = { {"command", required_argument, NULL, 'c'}, + {"session-command", required_argument, NULL, 'C'}, {"fast", no_argument, NULL, 'f'}, {"login", no_argument, NULL, 'l'}, {"preserve-environment", no_argument, NULL, 'p'}, @@ -323,14 +327,29 @@ create_watching_parent (void) sigemptyset (&action.sa_mask); action.sa_flags = 0; sigemptyset (&ourset); - if (sigaddset (&ourset, SIGTERM) - || sigaddset (&ourset, SIGALRM) - || sigaction (SIGTERM, &action, NULL) - || sigprocmask (SIG_UNBLOCK, &ourset, NULL)) - { + + if (!same_session) + { + if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT)) + { + error (0, errno, _("cannot set signal handler")); + caught_signal = true; + } + } + if (!caught_signal && (sigaddset(&ourset, SIGTERM) + || sigaddset(&ourset, SIGALRM) + || sigaction(SIGTERM, &action, NULL) + || sigprocmask(SIG_UNBLOCK, &ourset, NULL))) + { error (0, errno, _("cannot set signal handler")); caught_signal = true; } + if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL) + || sigaction(SIGQUIT, &action, NULL))) + { + error (0, errno, _("cannot set signal handler")); + caught_signal = true; + } } if (!caught_signal) { @@ -747,7 +766,10 @@ usage (int status) Change the effective user id and group id to that of USER.\n\ \n\ -, -l, --login make the shell a login shell\n\ - -c, --command=COMMAND pass a single COMMAND to the shell with -c\n\ + -c, --commmand=COMMAND pass a single COMMAND to the shell with -c\n\ + and start a new session for it\n\ + -C, --session-command=COMMAND pass a single COMMAND to the shell with -c\n\ + and do not create a new session\n\ -f, --fast pass -f to the shell (for csh or tcsh)\n\ -m, --preserve-environment do not reset environment variables\n\ -p same as -m\n\ @@ -770,6 +792,7 @@ main (int argc, char **argv) int optc; const char *new_user = DEFAULT_USER; char *command = NULL; + int request_same_session = 0; char *shell = NULL; struct passwd *pw; struct passwd pw_copy; @@ -787,12 +810,19 @@ main (int argc, char **argv) simulate_login = false; change_environment = true; - while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1) + while ((optc = getopt_long (argc, argv, "c:C:flmps:", longopts, NULL)) != -1) { switch (optc) { case 'c': command = optarg; + if (NULL != getenv("SU_C_SAME_SESSION")) + request_same_session = 1; + break; + + case 'C': + command = optarg; + request_same_session = 1; break; case 'f': @@ -865,6 +895,9 @@ main (int argc, char **argv) } #endif + if (request_same_session || !command || !pw->pw_uid) + same_session = 1; + if (!shell && !change_environment) shell = getenv ("SHELL"); if (shell && getuid () != 0 && restricted_shell (pw->pw_shell)) @@ -886,6 +919,8 @@ main (int argc, char **argv) #endif change_identity (pw); + if (!same_session) + setsid (); /* Set environment after pam_open_session, which may put KRB5CCNAME into the pam_env, etc. */ Index: doc/coreutils.texi =================================================================== --- doc/coreutils.texi.orig 2012-03-27 03:56:34.792880749 +0200 +++ doc/coreutils.texi 2012-03-27 03:56:34.864879002 +0200 @@ -15501,6 +15501,10 @@ This version of @command{su} has support authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l} to customize its behaviour. + If the environment variable SU_C_SAME_SESSION is set, su will +not open a new session for running a command so that @option{-c} behaves +just like @option{-C}. + The program accepts the following options. Also see @ref{Common options}. @table @samp @@ -15509,7 +15513,16 @@ The program accepts the following option @opindex -c @opindex --command Pass @var{command}, a single command line to run, to the shell with -a @option{-c} option instead of starting an interactive shell. +a @option{-c} option instead of starting an interactive shell. Unless +SU_C_SAME_SESSION is set, the shell is started in its own session. + +@item -C @var{command} +@itemx --same-session=@var{command} +@opindex -C +@opindex --same-session +Pass COMMAND, a single command line to run, to the shell with a +@option{-c} option instead of starting an interactive and do not create +a new session for it. @item -f @itemx --fast ++++++ coreutils-cp-corrupt-fragmented-sparse.patch ++++++ commit 64aef5fb9afecc023a6e719da161dbbf450908b8 Author: Jim Meyering Date: Tue Oct 16 17:43:49 2012 +0200 cp: avoid data-corrupting free-memory-read NEWS entry: cp could read from freed memory and could even make corrupt copies. This could happen with a very fragmented and sparse input file, on GNU/Linux file systems supporting fiemap extent scanning. This bug also affects mv when it resorts to copying, and install. [bug introduced in coreutils-8.11] * src/extent-scan.c (extent_scan_read): Reset our last_ei pointer whenever the parent buffer might have just been freed. * tests/cp/fiemap-extent-FMR.sh: New test. * tests/local.mk (all_tests): Add it. * NEWS (Bug fixes): Mention it. Reported by Mike Gerth in http://bugs.gnu.org/12656, and with help from Alan Curry. Bug introduced in commit v8.10-60-g18f5a85. Index: src/extent-scan.c =================================================================== --- src/extent-scan.c.orig +++ src/extent-scan.c @@ -89,7 +89,7 @@ extern bool extent_scan_read (struct extent_scan *scan) { unsigned int si = 0; - struct extent_info *last_ei IF_LINT ( = scan->ext_info); + struct extent_info *last_ei = scan->ext_info; while (true) { @@ -127,8 +127,14 @@ extent_scan_read (struct extent_scan *sc assert (scan->ei_count <= SIZE_MAX - fiemap->fm_mapped_extents); scan->ei_count += fiemap->fm_mapped_extents; - scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count, - sizeof (struct extent_info)); + { + /* last_ei points into a buffer that may be freed via xnrealloc. + Record its offset and adjust after allocation. */ + size_t prev_idx = last_ei - scan->ext_info; + scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count, + sizeof (struct extent_info)); + last_ei = scan->ext_info + prev_idx; + } unsigned int i = 0; for (i = 0; i < fiemap->fm_mapped_extents; i++) Index: tests/cp/fiemap-FMR =================================================================== --- /dev/null +++ tests/cp/fiemap-FMR @@ -0,0 +1,31 @@ +#!/bin/sh +# Trigger a free-memory read bug in cp from coreutils-[8.11..8.19] + +# Copyright (C) 2012 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. + +. "${srcdir=.}/init.sh"; path_prepend_ ./src +print_ver_ cp + +require_valgrind_ +require_perl_ +: ${PERL=perl} + +$PERL -e 'for (1..600) { sysseek (*STDOUT, 4096, 1)' \ + -e '&& syswrite (*STDOUT, "a" x 1024) or die "$!"}' > j || fail=1 +valgrind --quiet --error-exitcode=3 cp j j2 || fail=1 +cmp j j2 || fail=1 + +Exit $fail Index: tests/Makefile.am =================================================================== --- tests/Makefile.am.orig +++ tests/Makefile.am @@ -331,6 +331,7 @@ TESTS = \ cp/existing-perm-race \ cp/fail-perm \ cp/fiemap-empty \ + cp/fiemap-FMR \ cp/fiemap-perf \ cp/fiemap-2 \ cp/file-perm-race \ ++++++ coreutils-fix_tac.patch ++++++

From cdd328f232a93fb40aec25d0681ef191eaeba2da Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Sun, 16 Oct 2011 10:35:56 +0200 Subject: [PATCH 1/3] maint: tac: remove sole use of sprintf in favor of stpcpy

* src/tac.c (copy_to_temp): Use stpcpy rather than sprintf. Move some declarations "down" to point of initialization. --- src/tac.c | 17 +++++++---------- 1 files changed, 7 insertions(+), 10 deletions(-) Index: src/tac.c =================================================================== --- src/tac.c.orig 2011-02-19 18:17:03.000000000 +0100 +++ src/tac.c 2011-10-17 15:46:27.879485098 +0200 @@ -426,20 +426,17 @@ copy_to_temp (FILE **g_tmp, char **g_tem { static char *template = NULL; static char const *tempdir; - char *tempfile; - FILE *tmp; - int fd; if (template == NULL) { - char const * const Template = "%s/tacXXXXXX"; + char const * const Template = "tacXXXXXX"; tempdir = getenv ("TMPDIR"); if (tempdir == NULL) tempdir = DEFAULT_TMPDIR; - /* Subtract 2 for `%s' and add 1 for the trailing NUL byte. */ - template = xmalloc (strlen (tempdir) + strlen (Template) - 2 + 1); - sprintf (template, Template, tempdir); + /* Add 1 for the slash and one for the trailing NUL byte. */ + template = xmalloc (strlen (tempdir) + strlen (Template) + 1 + 1); + stpcpy (stpcpy (stpcpy (template, tempdir), "/"), Template); } /* FIXME: there's a small window between a successful mkstemp call @@ -451,21 +448,23 @@ copy_to_temp (FILE **g_tmp, char **g_tem FIXME: clean up upon fatal signal. Don't block them, in case $TMPFILE is a remote file system. */ - tempfile = template; - fd = mkstemp (template); + char *tempfile = xstrdup (template); + int fd = mkstemp (tempfile); if (fd < 0) { error (0, errno, _("cannot create temporary file in %s"), quote (tempdir)); + free (tempfile); return false; } - tmp = fdopen (fd, (O_BINARY ? "w+b" : "w+")); + FILE *tmp = fdopen (fd, (O_BINARY ? "w+b" : "w+")); if (! tmp) { error (0, errno, _("cannot open %s for writing"), quote (tempfile)); close (fd); unlink (tempfile); + free (tempfile); return false; } @@ -501,6 +500,7 @@ copy_to_temp (FILE **g_tmp, char **g_tem Fail: fclose (tmp); + free (tempfile); return false; } @@ -512,8 +512,14 @@ tac_nonseekable (int input_fd, const cha { FILE *tmp_stream; char *tmp_file; - return (copy_to_temp (&tmp_stream, &tmp_file, input_fd, file) - && tac_seekable (fileno (tmp_stream), tmp_file)); + + if (!copy_to_temp (&tmp_stream, &tmp_file, input_fd, file)) + return false; + + bool ok = tac_seekable (fileno (tmp_stream), tmp_file); + fclose (tmp_stream); + free (tmp_file); + return ok; } /* Print FILE in reverse, copying it to a temporary Index: tests/Makefile.am =================================================================== --- tests/Makefile.am.orig 2011-10-17 15:40:44.533154336 +0200 +++ tests/Makefile.am 2011-10-17 15:40:44.882149592 +0200 @@ -270,6 +270,7 @@ TESTS = \ misc/sum-sysv \ misc/tac \ misc/tac-continue \ + misc/tac-2-nonseekable \ misc/tail \ misc/tee \ misc/tee-dash \ Index: tests/misc/tac-2-nonseekable =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ tests/misc/tac-2-nonseekable 2011-10-17 15:40:44.883149578 +0200 @@ -0,0 +1,27 @@ +#!/bin/sh +# ensure that tac works with two or more non-seekable inputs + +# Copyright (C) 2011 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. + +. "${srcdir=.}/init.sh"; path_prepend_ ../src +print_ver_ tac + +echo x | tac - - > out 2> err || fail=1 +echo x > exp || fail=1 +compare out exp || fail=1 +compare err /dev/null || fail=1 + +Exit $fail ++++++ coreutils-getaddrinfo.patch ++++++ Index: gnulib-tests/test-getaddrinfo.c =================================================================== --- gnulib-tests/test-getaddrinfo.c.orig 2010-03-13 16:21:08.000000000 +0100 +++ gnulib-tests/test-getaddrinfo.c 2010-05-05 14:51:40.343025353 +0200 @@ -88,11 +88,7 @@ simple (char const *host, char const *se the test merely because someone is down the country on their in-law's farm. */ if (res == EAI_AGAIN) - { - skip++; - fprintf (stderr, "skipping getaddrinfo test: no network?\n"); - return 77; - } + return 0; /* IRIX reports EAI_NONAME for "https". Don't fail the test merely because of this. */ if (res == EAI_NONAME) ++++++ coreutils-gl_printf_safe.patch ++++++ Index: configure =================================================================== --- configure.orig 2011-10-12 11:45:49.000000000 +0200 +++ configure 2011-10-13 16:01:35.584691275 +0200 @@ -3641,7 +3641,6 @@ as_fn_append ac_func_list " alarm" as_fn_append ac_header_list " sys/statvfs.h" as_fn_append ac_header_list " sys/select.h" as_fn_append ac_func_list " nl_langinfo" -gl_printf_safe=yes as_fn_append ac_header_list " priv.h" as_fn_append ac_header_list " pthread.h" as_fn_append ac_header_list " utmp.h" Index: m4/gnulib-comp.m4 =================================================================== --- m4/gnulib-comp.m4.orig 2011-10-09 19:02:39.000000000 +0200 +++ m4/gnulib-comp.m4 2011-10-13 16:02:07.582261432 +0200 @@ -1417,7 +1417,6 @@ gl_POSIXTM gl_POSIXVER gl_FUNC_PRINTF_FREXP gl_FUNC_PRINTF_FREXPL -m4_divert_text([INIT_PREPARE], [gl_printf_safe=yes]) gl_PRIV_SET AC_CHECK_DECLS([program_invocation_name], [], [], [#include ]) AC_CHECK_DECLS([program_invocation_short_name], [], [], [#include ]) ++++++ coreutils-i18n-infloop.patch ++++++ Index: src/sort.c =================================================================== --- src/sort.c.orig 2011-01-05 14:27:40.227218942 +0100 +++ src/sort.c 2011-01-05 14:27:40.574228931 +0100 @@ -3134,7 +3134,8 @@ keycompare_mb (const struct line *a, con if (MBLENGTH == (size_t)-2 || MBLENGTH == (size_t)-1) \ STATE = state_bak; \ if (!ignore) \ - COPY[NEW_LEN++] = TEXT[i++]; \ + COPY[NEW_LEN++] = TEXT[i]; \ + i++; \ continue; \ } \ \ ++++++ coreutils-i18n-no-alloca.patch ++++++ From: Bernhard Voelker Subject: sort, join, uniq: avoid segmentation fault with long input lines The i18n patches used to make use of the alloca function which cannot guarantee success, and the result can not be tested for success/failure. From `man alloca`: "If the allocation causes stack overflow, program behavior is undefined." Simply replace all uses of alloca by xmalloc. - Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1) Test case: $ perl -e 'print "1","A"x50000000,"\r\n\r\n"' > /tmp/test.txt $ join -i /tmp/test.txt /tmp/test.txt * src/join.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch, from Philipp Thomas ) - Avoid segmentation fault in "sort -d" and "sort -M" with long line input (bnc#798538, VUL-1) Test cases: $ perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d $ perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M * src/sort.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch, from Philipp Thomas ) - Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) Test case: $ perl -e 'print "1","\0"x50000000,"\r\n\r\n"' | uniq * src/cut.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch) --- src/join.c | 21 ++++++++++++++++++--- src/sort.c | 13 +++++++++---- src/uniq.c | 16 ++++++++++++---- 3 files changed, 39 insertions(+), 11 deletions(-) Index: src/join.c =================================================================== --- src/join.c.orig +++ src/join.c @@ -478,6 +478,7 @@ keycmp (struct line const *line1, struct size_t len[2]; /* Length of fields to compare. */ int diff; int i, j; + int mallocd = 0; if (jf_1 < line1->nfields) { @@ -519,7 +520,8 @@ keycmp (struct line const *line1, struct for (i = 0; i < 2; i++) { - copy[i] = alloca (len[i] + 1); + mallocd = 1; + copy[i] = xmalloc (len[i] + 1); for (j = 0; j < MIN (len[0], len[1]);) { @@ -559,7 +561,8 @@ keycmp (struct line const *line1, struct { for (i = 0; i < 2; i++) { - copy[i] = alloca (len[i] + 1); + mallocd = 1; + copy[i] = xmalloc (len[i] + 1); for (j = 0; j < MIN (len[0], len[1]); j++) copy[i][j] = toupper (beg[i][j]); @@ -575,9 +578,21 @@ keycmp (struct line const *line1, struct } if (hard_LC_COLLATE) - return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]); + { + diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]); + + if (mallocd) + for (i = 0; i < 2; i++) + free (copy[i]); + + return diff; + } + diff = memcmp (copy[0], copy[1], MIN (len[0], len[1])); + if (mallocd) + for (i = 0; i < 2; i++) + free (copy[i]); if (diff) return diff; Index: src/sort.c =================================================================== --- src/sort.c.orig +++ src/sort.c @@ -2830,13 +2830,13 @@ getmonth_mb (const char *s, size_t len, if (len == 0) return 0; - month = (char *) alloca (len + 1); + month = (char *) xmalloc (len + 1); - tmp = (char *) alloca (len + 1); + tmp = (char *) xmalloc (len + 1); memcpy (tmp, s, len); tmp[len] = '\0'; pp = (const char **)&tmp; - month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t)); + month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t)); memset (&state, '\0', sizeof(mbstate_t)); wclength = mbsrtowcs (month_wcs, pp, len + 1, &state); @@ -2875,6 +2875,10 @@ getmonth_mb (const char *s, size_t len, result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name)) ? monthtab[lo].val : 0); + free (month); + free (tmp); + free (month_wcs); + return result; } #endif @@ -3136,7 +3140,7 @@ keycompare_mb (const struct line *a, con { if (ignore || translate) { - char *copy_a = (char *) alloca (lena + 1 + lenb + 1); + char *copy_a = xmalloc (lena + 1 + lenb + 1); char *copy_b = copy_a + lena + 1; size_t new_len_a, new_len_b; size_t i, j; @@ -3212,6 +3216,7 @@ keycompare_mb (const struct line *a, con IGNORE_CHARS (new_len_b, lenb, textb, copy_b, wc_b, mblength_b, state_b); diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b); + free(copy_a); } else if (lena == 0) diff = - NONZERO (lenb); Index: src/uniq.c =================================================================== --- src/uniq.c.orig +++ src/uniq.c @@ -349,14 +349,19 @@ different (char *old, char *new, size_t { size_t i; - copy_old = alloca (oldlen + 1); - copy_new = alloca (oldlen + 1); + copy_old = xmalloc (sizeof(char) * (oldlen + 1)); + copy_new = xmalloc (sizeof(char) * (oldlen + 1)); for (i = 0; i < oldlen; i++) { copy_old[i] = toupper (old[i]); copy_new[i] = toupper (new[i]); } + + bool rc = xmemcoll (copy_old, oldlen, copy_new, newlen); + free (copy_old); + free (copy_new); + return rc; } else { @@ -389,7 +394,7 @@ different_multi (const char *old, const for (i = 0; i < 2; i++) { - copy[i] = alloca (len[i] + 1); + copy[i] = xmalloc (len[i] + 1); for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++) { @@ -430,7 +435,10 @@ different_multi (const char *old, const len[i] = j; } - return xmemcoll (copy[0], len[0], copy[1], len[1]); + int rc = xmemcoll (copy[0], len[0], copy[1], len[1]); + free (copy[0]); + free (copy[1]); + return rc; } #endif ++++++ coreutils-i18n-uninit.patch ++++++ Index: src/cut.c =================================================================== --- src/cut.c.orig 2010-11-11 16:28:46.581137538 +0100 +++ src/cut.c 2010-11-11 16:30:04.886974551 +0100 @@ -868,7 +868,10 @@ cut_fields_mb (FILE *stream) c = getc (stream); empty_input = (c == EOF); if (c != EOF) - ungetc (c, stream); + { + ungetc (c, stream); + wc = 0; + } else wc = WEOF; ++++++ coreutils-invalid-ids.patch ++++++ While uid_t and gid_t are both unsigned, the values (uid_t) -1 and (gid_t) -1 are reserved. A uid or gid argument of -1 to the chown(2) system call means to leave the uid/gid unchanged. Catch this case so that trying to set a uid or gid to -1 will result in an error. Test cases: chown 4294967295 file chown :4294967295 file chgrp 4294967295 file Andreas Gruenbacher Index: src/chgrp.c =================================================================== --- src/chgrp.c.orig 2010-01-01 14:06:47.000000000 +0100 +++ src/chgrp.c 2010-05-05 14:03:28.279359192 +0200 @@ -89,7 +89,7 @@ parse_group (const char *name) { unsigned long int tmp; if (! (xstrtoul (name, NULL, 10, &tmp, "") == LONGINT_OK - && tmp <= GID_T_MAX)) + && tmp <= GID_T_MAX && (gid_t) tmp != (gid_t) -1)) error (EXIT_FAILURE, 0, _("invalid group: %s"), quote (name)); gid = tmp; } ++++++ coreutils-misc.patch ++++++ Index: gnulib-tests/test-isnanl.h =================================================================== --- gnulib-tests/test-isnanl.h.orig 2011-10-09 19:02:27.000000000 +0200 +++ gnulib-tests/test-isnanl.h 2011-10-13 15:58:39.627054718 +0200 @@ -49,7 +49,7 @@ main () /* Quiet NaN. */ ASSERT (isnanl (NaNl ())); -#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT +#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT && 0 /* A bit pattern that is different from a Quiet NaN. With a bit of luck, it's a Signalling NaN. */ { @@ -91,6 +91,7 @@ main () { LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) }; ASSERT (isnanl (x.value)); } +#if 0 /* The isnanl function should recognize Pseudo-NaNs, Pseudo-Infinities, Pseudo-Zeroes, Unnormalized Numbers, and Pseudo-Denormals, as defined in Intel IA-64 Architecture Software Developer's Manual, Volume 1: @@ -124,6 +125,7 @@ main () ASSERT (isnanl (x.value)); } #endif +#endif return 0; } Index: tests/misc/help-version =================================================================== --- tests/misc/help-version.orig 2011-07-28 12:38:27.000000000 +0200 +++ tests/misc/help-version 2011-10-13 15:58:39.628054705 +0200 @@ -250,6 +250,7 @@ parted_setup () { args="-s $tmp_in mklab for i in $built_programs; do # Skip these. case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac + case $i in df) continue;; esac rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out $bigZ_in $zin $zin2 echo z |gzip > $zin Index: tests/other-fs-tmpdir =================================================================== --- tests/other-fs-tmpdir.orig 2011-07-28 12:38:27.000000000 +0200 +++ tests/other-fs-tmpdir 2011-10-13 16:01:02.181139986 +0200 @@ -44,6 +44,9 @@ for d in $CANDIDATE_TMP_DIRS; do done +# Autobuild hack +test -f /bin/uname.bin && other_partition_tmpdir= + if test -z "$other_partition_tmpdir"; then skip_ \ "requires a writable directory on a different disk partition, ++++++ coreutils-ptr_int_casts.patch ++++++ Index: src/join.c =================================================================== --- src/join.c.orig 2010-11-11 16:29:37.000000000 +0100 +++ src/join.c 2010-11-11 17:04:33.776501344 +0100 @@ -1273,7 +1273,7 @@ main (int argc, char **argv) case 't': { - char *newtab; + char *newtab = NULL; size_t newtablen; newtab = xstrdup (optarg); #if HAVE_MBRTOWC @@ -1295,7 +1295,7 @@ main (int argc, char **argv) newtablen = 1; if (! newtab) { - newtab = '\n'; /* '' => process the whole line. */ + newtab = "\n"; /* '' => process the whole line. */ } else if (optarg[1]) { ++++++ coreutils-remove_hostname_documentation.patch ++++++ Index: doc/coreutils.texi =================================================================== --- doc/coreutils.texi.orig 2011-04-04 13:43:03.000000000 +0200 +++ doc/coreutils.texi 2011-04-04 13:47:21.655051052 +0200 @@ -66,7 +66,6 @@ * groups: (coreutils)groups invocation. Print group names a user is in. * head: (coreutils)head invocation. Output the first part of files. * hostid: (coreutils)hostid invocation. Print numeric host identifier. -* hostname: (coreutils)hostname invocation. Print or set system name. * id: (coreutils)id invocation. Print user identity. * install: (coreutils)install invocation. Copy and change attributes. * join: (coreutils)join invocation. Join lines on a common field. @@ -197,7 +196,7 @@ Free Documentation License''. * File name manipulation:: dirname basename pathchk mktemp * Working context:: pwd stty printenv tty * User information:: id logname whoami groups users who -* System context:: date arch nproc uname hostname hostid uptime +* System context:: date arch nproc uname hostid uptime * SELinux context:: chcon runcon * Modified command invocation:: chroot env nice nohup stdbuf su timeout * Process control:: kill @@ -414,7 +413,6 @@ System context * date invocation:: Print or set system date and time * nproc invocation:: Print the number of processors * uname invocation:: Print system information -* hostname invocation:: Print or set system name * hostid invocation:: Print numeric host identifier * uptime invocation:: Print system uptime and load @@ -13761,7 +13759,6 @@ information. * arch invocation:: Print machine hardware name. * nproc invocation:: Print the number of processors. * uname invocation:: Print system information. -* hostname invocation:: Print or set system name. * hostid invocation:: Print numeric host identifier. * uptime invocation:: Print system uptime and load. @end menu @@ -14523,15 +14520,6 @@ easily available, as is the case with Li Print the machine hardware name (sometimes called the hardware class or hardware type). -@item -n -@itemx --nodename -@opindex -n -@opindex --nodename -@cindex hostname -@cindex node name -@cindex network node name -Print the network node hostname. - @item -p @itemx --processor @opindex -p @@ -14585,30 +14573,6 @@ Print the kernel version. @exitstatus - -@node hostname invocation -@section @command{hostname}: Print or set system name - -@pindex hostname -@cindex setting the hostname -@cindex printing the hostname -@cindex system name, printing -@cindex appropriate privileges - -With no arguments, @command{hostname} prints the name of the current host -system. With one argument, it sets the current host name to the -specified string. You must have appropriate privileges to set the host -name. Synopsis: - -@example -hostname [@var{name}] -@end example - -The only options are @option{--help} and @option{--version}. @xref{Common -options}. - -@exitstatus - @node hostid invocation @section @command{hostid}: Print numeric host identifier Index: man/Makefile.am =================================================================== --- man/Makefile.am.orig 2011-01-01 22:19:23.000000000 +0100 +++ man/Makefile.am 2011-01-05 14:27:40.742233767 +0100 @@ -197,7 +197,7 @@ check-x-vs-1: @PATH=../src$(PATH_SEPARATOR)$$PATH; export PATH; \ t=$@-t; \ (cd $(srcdir) && ls -1 *.x) | sed 's/\.x$$//' | $(ASSORT) > $$t;\ - (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) \ + (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) hostid \ | tr -s ' ' '\n' | sed 's/\.1$$//') \ | $(ASSORT) -u | diff - $$t || { rm $$t; exit 1; }; \ rm $$t Index: man/Makefile.in =================================================================== --- man/Makefile.in.orig 2011-01-04 12:23:07.000000000 +0100 +++ man/Makefile.in 2011-01-05 14:27:40.768234515 +0100 @@ -1641,7 +1641,7 @@ check-x-vs-1: @PATH=../src$(PATH_SEPARATOR)$$PATH; export PATH; \ t=$@-t; \ (cd $(srcdir) && ls -1 *.x) | sed 's/\.x$$//' | $(ASSORT) > $$t;\ - (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) \ + (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) hostid \ | tr -s ' ' '\n' | sed 's/\.1$$//') \ | $(ASSORT) -u | diff - $$t || { rm $$t; exit 1; }; \ rm $$t ++++++ coreutils-sysinfo.patch ++++++ Index: src/uname.c =================================================================== --- src/uname.c.orig 2010-01-01 14:06:47.000000000 +0100 +++ src/uname.c 2010-05-05 13:58:03.471359120 +0200 @@ -339,6 +339,36 @@ main (int argc, char **argv) # endif } #endif + if (element == unknown) + { + struct utsname name; + static char processor[sizeof (name.machine)]; + if (uname (&name) != 0) + error (EXIT_FAILURE, errno, _("cannot get system name")); + strcpy (processor, name.machine); + element = processor; +#ifdef __linux__ + if (!strcmp (element, "i686")) + { + /* Check for Athlon */ + char line[1024]; + FILE *f = fopen ("/proc/cpuinfo", "r"); + if (f) + { + while (fgets (line, sizeof (line), f) > 0) + { + if (strncmp (line, "vendor_id", 9) == 0) + { + if (strstr (line, "AuthenticAMD")) + element = "athlon"; + break; + } + } + fclose (f); + } + } +#endif + } if (! (toprint == UINT_MAX && element == unknown)) print_element (element); } @@ -364,6 +394,18 @@ main (int argc, char **argv) element = hardware_platform; } #endif + if (element == unknown) + { + struct utsname name; + static char hardware_platform[sizeof (name.machine)]; + if (uname (&name) != 0) + error (EXIT_FAILURE, errno, _("cannot get system name")); + strcpy (hardware_platform, name.machine); + if (hardware_platform[0] == 'i' && hardware_platform[2] == '8' + && hardware_platform[3] == '6' && hardware_platform[4] == 0) + hardware_platform[1] = '3'; + element = hardware_platform; + } if (! (toprint == UINT_MAX && element == unknown)) print_element (element); } ++++++ su.default ++++++ # Per default, only "su -" will set a new PATH. # If this variable is changed to "yes" (default is "no"), # every su call will overwrite the PATH variable. ALWAYS_SET_PATH=no # Default path. PATH=/usr/local/bin:/bin:/usr/bin # Default path for a user invoking su to root. SUPATH=/usr/sbin:/bin:/usr/bin:/sbin ++++++ su.pamd ++++++ #%PAM-1.0 auth sufficient pam_rootok.so auth include common-auth account sufficient pam_rootok.so account include common-account password include common-password session include common-session session optional pam_xauth.so -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org