Hello community,
here is the log from the commit of package coreutils.1251 for openSUSE:12.2:Update checked in at 2013-02-04 13:53:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/coreutils.1251 (Old)
and /work/SRC/openSUSE:12.2:Update/.coreutils.1251.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "coreutils.1251", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-01-09 19:40:42.352580873 +0100
+++ /work/SRC/openSUSE:12.2:Update/.coreutils.1251.new/coreutils.changes 2013-02-04 13:53:29.000000000 +0100
@@ -0,0 +1,2171 @@
+-------------------------------------------------------------------
+Wed Jan 23 12:29:04 UTC 2013 - mail@bernhard-voelker.de
+
+- Avoid segmentation fault in "join -i" with long line input
+ (bnc#798541, VUL-1, CVE-2013-0223)
+
+- Avoid segmentation fault in "uniq" with long line input
+ (bnc#796243, VUL-1, CVE-2013-0222)
+
+- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
+ (bnc#798538, VUL-1, CVE-2013-0221)
+
+-------------------------------------------------------------------
+Tue Nov 6 23:33:47 UTC 2012 - mail@bernhard-voelker.de
+
+- Add coreutils-cp-corrupt-fragmented-sparse.patch from upstream:
+
+ * cp could read from freed memory and could even make corrupt copies.
+ This could happen with a very fragmented and sparse input file,
+ on GNU/Linux file systems supporting fiemap extent scanning.
+ This bug also affects mv when it resorts to copying, and install.
+ [bug introduced in coreutils-8.11]
+ (http://bugs.gnu.org/12656) (bnc#788459, bnc#788461)
+
+-------------------------------------------------------------------
+Fri Sep 21 09:35:45 UTC 2012 - froh@suse.com
+
+- fix coreutils-8.9-singlethreaded-sort.patch to honor
+ OMP_NUM_THREADS again. bnc#781992
+
+-------------------------------------------------------------------
+Tue May 15 22:34:03 UTC 2012 - schwab@linux-m68k.org
+
+- Build factor with gmp support
+
+-------------------------------------------------------------------
+Mon May 7 14:22:29 CEST 2012 - pth@suse.de
+
+- Two new upstream patches:
+
+ * id and groups, when invoked with no user name argument, would
+ print the default group ID listed in the password database, and
+ sometimes that ID would be neither real nor effective. For
+ example, when run set-GID, or in a session for which the default
+ group has just been changed, the new group ID would be listed,
+ even though it is not yet effective.
+
+ * 'cp S D' is no longer subject to a race: if an existing D were
+ removed between the initial stat and subsequent
+ open-without-O_CREAT, cp would fail with a confusing diagnostic
+ saying that the destination, D, was not found. Now, in this
+ unusual case, it retries the open (but with O_CREAT), and hence
+ usually succeeds. With NFS attribute caching, the condition was
+ particularly easy to trigger, since there, the removal of D could
+ precede the initial stat. [This bug was present in "the
+ beginning".] (bnc#760926).
+
+-------------------------------------------------------------------
+Fri Apr 27 12:38:23 CEST 2012 - pth@suse.de
+
+- Make stdbuf binary find libstdbuf.so by looking in the right
+ path (bnc#741241).
+
+-------------------------------------------------------------------
+Mon Apr 16 13:23:56 CEST 2012 - pth@suse.de
+
+- Update to 8.16:
+
+ - Improvements:
+ * As a GNU extension, 'chmod', 'mkdir', and 'install' now accept
+ operators '-', '+', '=' followed by octal modes;
+ * Also, ordinary numeric modes with five or more digits no longer
+ preserve setuid and setgid bits, so that 'chmod 00755 FOO' now
+ clears FOO's setuid and setgid bits.
+ * dd now accepts the count_bytes, skip_bytes iflags and the
+ seek_bytes oflag, to more easily allow processing portions of a
+ file.
+ * dd now accepts the conv=sparse flag to attempt to create sparse
+ output, by seeking rather than writing to the output file.
+ * ln now accepts the --relative option, to generate a relative
+ symbolic link to a target, irrespective of how the target is
+ specified.
+ * split now accepts an optional "from" argument to
+ --numeric-suffixes, which changes the start number from the
+ default of 0.
+ * split now accepts the --additional-suffix option, to append an
+ additional static suffix to output file names.
+ * basename now supports the -a and -s options, which allow
+ processing of more than one argument at a time. Also the
+ complementary -z option was added to delimit output items with
+ the NUL character.
+ * dirname now supports more than one argument. Also the complementary
+ z option was added to delimit output items with the NUL character.
+
+ - Bug fixes
+ * du --one-file-system (-x) would ignore any non-directory
+ specified on the command line. For example, "touch f; du -x f"
+ would print nothing. [bug introduced in coreutils-8.15]
+ * mv now lets you move a symlink onto a same-inode destination
+ file that has two or more hard links.
+ * "mv A B" could succeed, yet A would remain.
+ * realpath no longer mishandles a root directory.
+
+ - Improvements
+ * ls can be much more efficient, especially with large directories
+ on file systems for which getfilecon-, ACL-check- and XATTR-
+ check-induced syscalls fail with ENOTSUP or similar.
+ * 'realpath --relative-base=dir' in isolation now implies
+ '--relative-to=dir' instead of causing a usage failure.
+ * split now supports an unlimited number of split files as default
+ behavior.
+
+ For a detaild list se NEWS in the documentation.
+
+- Add up-to-date german translation.
+
+-------------------------------------------------------------------
+Mon Apr 16 12:00:34 CEST 2012 - pth@suse.de
+
+- Add two upstream patches that speed up ls (bnc#752943):
+ * Cache (l)getfilecon calls to avoid the vast majority of the failing
+ underlying getxattr syscalls.
+ * Avoids always-failing queries for whether a file has a nontrivial
+ ACL and for whether a file has certain "capabilities".
+
+-------------------------------------------------------------------
+Fri Mar 9 17:30:19 CET 2012 - pth@suse.de
+
+- Update to 8.15:
+ ** New programs
+
+ realpath: print resolved file names.
+
+ ** Bug fixes
+
+ du --one-file-system (-x) would ignore any non-directory specified on
+ the command line. For example, "touch f; du -x f" would print nothing.
+ [bug introduced in coreutils-8.14]
+
+ du -x no longer counts root directories of other file systems.
+ [bug introduced in coreutils-5.1.0]
+
+ ls --color many-entry-directory was uninterruptible for too long
+ [bug introduced in coreutils-5.2.1]
+
+ ls's -k option no longer affects how ls -l outputs file sizes.
+ It now affects only the per-directory block counts written by -l,
+ and the sizes written by -s. This is for compatibility with BSD
+ and with POSIX 2008. Because -k is no longer equivalent to
+ --block-size=1KiB, a new long option --kibibyte stands for -k.
+ [bug introduced in coreutils-4.5.4]
+
+ ls -l would leak a little memory (security context string) for each
+ nonempty directory listed on the command line, when using SELinux.
+ [bug probably introduced in coreutils-6.10 with SELinux support]
+
+ split -n 1/2 FILE no longer fails when operating on a growing file, or
+ (on some systems) when operating on a non-regular file like /dev/zero.
+ It would report "/dev/zero: No such file or directory" even though
+ the file obviously exists. Same for -n l/2.
+ [bug introduced in coreutils-8.8, with the addition of the -n option]
+
+ stat -f now recognizes the FhGFS and PipeFS file system types.
+
+ tac no longer fails to handle two or more non-seekable inputs
+ [bug introduced in coreutils-5.3.0]
+
+ tail -f no longer tries to use inotify on GPFS or FhGFS file systems
+ [you might say this was introduced in coreutils-7.5, along with inotify
+ support, but the new magic numbers weren't in the usual places then.]
+
+ ** Changes in behavior
+
+ df avoids long UUID-including file system names in the default listing.
+ With recent enough kernel/tools, these long names would be used, pushing
+ second and subsequent columns far to the right. Now, when a long name
+ refers to a symlink, and no file systems are specified, df prints the
+ usually-short referent instead.
+
+ tail -f now uses polling (not inotify) when any of its file arguments
+ resides on a file system of unknown type. In addition, for each such
+ argument, tail -f prints a warning with the FS type magic number and a
+ request to report it to the bug-reporting address.
+
+- Bring german message catalog up to date.
+- Include upstream fix for du.
+- Include upstream patch fixing basename documentation.
+
+-------------------------------------------------------------------
+Mon Feb 6 17:18:37 UTC 2012 - rschweikert@suse.com
+
+- keep binaries in /usr (UserMerge project)
+
+-------------------------------------------------------------------
+Mon Dec 19 15:09:12 UTC 2011 - lnussel@suse.de
+
+- Adjust license for coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff
++++ 1974 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.coreutils.1251.new/coreutils.changes
New:
----
baselibs.conf
coreutils-8.16.de.po.xz
coreutils-8.16.tar.xz
coreutils-8.6-compile-su-with-fpie.diff
coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff
coreutils-8.6-log-all-su-attempts.diff
coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
coreutils-8.6-pam-support-for-su.diff
coreutils-8.6-set-sane-default-path.diff
coreutils-8.6-update-man-page-for-pam.diff
coreutils-8.9-singlethreaded-sort.patch
coreutils-acl-nofollow.patch
coreutils-basename_documentation.patch
coreutils-bnc#697897-setsid.patch
coreutils-cp-corrupt-fragmented-sparse.patch
coreutils-getaddrinfo.patch
coreutils-gl_printf_safe.patch
coreutils-i18n-infloop.patch
coreutils-i18n-no-alloca.patch
coreutils-i18n-uninit.patch
coreutils-i18n.patch
coreutils-id_show_real_groups.patch
coreutils-invalid-ids.patch
coreutils-misc.patch
coreutils-ptr_int_casts.patch
coreutils-race_in_cp.patch
coreutils-remove_hostname_documentation.patch
coreutils-sysinfo.patch
coreutils.changes
coreutils.spec
su.default
su.pamd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ coreutils.spec ++++++
#
# spec file for package coreutils
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: coreutils
Summary: GNU Core Utilities
License: GPL-3.0+
Group: System/Base
BuildRequires: automake
BuildRequires: gmp-devel
BuildRequires: help2man
BuildRequires: libacl-devel
BuildRequires: libcap-devel
BuildRequires: libselinux-devel
BuildRequires: pam-devel
BuildRequires: xz
Url: http://www.gnu.org/software/coreutils/
Version: 8.16
Release: 0
Provides: fileutils = %{version}
Provides: mktemp = %{version}
Provides: sh-utils = %{version}
Provides: stat = %{version}
Provides: textutils = %{version}
Obsoletes: fileutils < %{version}
Obsoletes: libselinux <= 1.23.11-3
Obsoletes: libselinux-32bit = 9
Obsoletes: libselinux-64bit = 9
Obsoletes: libselinux-x86 = 9
Obsoletes: mktemp < %{version}
Obsoletes: sh-utils < %{version}
Obsoletes: stat < %version}
Obsoletes: textutils < %{version}
PreReq: %{install_info_prereq}
Recommends: %{name}-lang = %version
Requires: pam >= 1.1.1.90
Source: coreutils-%{version}.tar.xz
Source1: su.pamd
Source2: su.default
Source3: baselibs.conf
Source4: coreutils-%{version}.de.po.xz
Patch0: coreutils-misc.patch
Patch1: coreutils-remove_hostname_documentation.patch
Patch2: coreutils-gl_printf_safe.patch
#Remove the bogus coreutils version from the i18n patch name
Patch4: coreutils-i18n.patch
Patch5: coreutils-i18n-uninit.patch
Patch6: coreutils-i18n-infloop.patch
Patch8: coreutils-sysinfo.patch
Patch16: coreutils-invalid-ids.patch
Patch20: coreutils-8.6-pam-support-for-su.diff
Patch21: coreutils-8.6-update-man-page-for-pam.diff
Patch22: coreutils-8.6-log-all-su-attempts.diff
Patch23: coreutils-8.6-set-sane-default-path.diff
Patch24: coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff
Patch25: coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
#
Patch30: coreutils-8.6-compile-su-with-fpie.diff
Patch31: coreutils-getaddrinfo.patch
Patch32: coreutils-ptr_int_casts.patch
Patch33: coreutils-8.9-singlethreaded-sort.patch
Patch34: coreutils-acl-nofollow.patch
Patch36: coreutils-basename_documentation.patch
Patch37: coreutils-bnc#697897-setsid.patch
#Upstream patch will be included with 8.17
Patch38: coreutils-id_show_real_groups.patch
#Upstream patch, needs to be removed for 8.17
Patch39: coreutils-race_in_cp.patch
#PATCH-FIX-UPSTREAM will be included in 8.20 [bnc#788459, bnc#788461]
Patch40: coreutils-cp-corrupt-fragmented-sparse.patch
#PATCH-FIX-SUSE avoid crashes due to alloca() in SUSE's i18n patch.
Patch41: coreutils-i18n-no-alloca.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# this will create a cycle, broken up randomly - coreutils is just too core to have other
# prerequires
#PreReq: permissions
%description
Basic file, shell, and text manipulation utilities. The package
contains the following programs:
[ arch base64 basename cat chcon chgrp chmod chown chroot cksum comm cp
csplit cut date dd df dir dircolors dirname du echo env expand expr
factor false fmt fold groups head id install join kill link ln logname
ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup od paste pathchk
pinky pr printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum
sha224sum sha256sum sha384sum sha512sum shred shuf sleep sort split
stat stty su sum sync tac tail tee test timeout touch tr true tsort tty
uname unexpand uniq unlink uptime users vdir wc who whoami yes
%lang_package
%prep
%setup -q
%patch4
%patch5
%patch6
%patch0
%patch1
%patch2
%patch8
%patch16
%patch20
%patch21
%patch22 -p1
%patch23 -p1
%patch24
%patch25
#
%patch30
%patch31
%patch32
%patch33
%patch34
%patch36
%patch37
%patch38
%patch39
%patch40
%patch41
xz -dc %{S:4} >po/de.po
%build
AUTOPOINT=true autoreconf -fi
export CFLAGS="%optflags -Wall"
%configure --libexecdir=%{_libdir} --without-included-regex \
--enable-install-program=arch,su \
gl_cv_func_printf_directive_n=yes \
gl_cv_func_isnanl_works=yes \
DEFAULT_POSIX2_VERSION=199209
make -C po update-po
make %{?_smp_mflags} V=1
%install
%makeinstall pkglibexecdir=%{_libdir}/%{name}
test -f %{buildroot}%{_bindir}/su || \
install src/su %{buildroot}%{_bindir}/su
#UsrMerge
install -d %{buildroot}/bin
for i in arch basename cat chgrp chmod chown cp date dd df echo false kill ln ls mkdir mknod mktemp mv pwd rm rmdir sleep sort stat stty su sync touch true uname readlink md5sum
do
ln -sf %{_bindir}/$i %{buildroot}/bin/$i
done
#EndUsrMerge
install -d -m 755 %{buildroot}/etc/pam.d
install -m 644 %{S:1} %{buildroot}/etc/pam.d/su
install -m 644 %{S:1} %{buildroot}/etc/pam.d/su-l
install -d -m 755 %{buildroot}/etc/default
install -m 644 %{S:2} %{buildroot}/etc/default/su
echo '.so man1/test.1' > %{buildroot}/%{_mandir}/man1/\[.1
%find_lang %name
%post
%install_info --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz
# may fail if permissions is not there, but there is no way around that
%set_permissions %{_bindir}/su
%postun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz
%verifyscript
%verify_permissions -e %{_bindir}/su
%files
%defattr(-,root,root)
%doc README NEWS
%config %{_sysconfdir}/pam.d/su
%config %{_sysconfdir}/pam.d/su-l
%config(noreplace) %{_sysconfdir}/default/su
%attr(4755,root,root) %{_bindir}/su
%{_bindir}/*
#UsrMerge
/bin/*
#EndUsrMerge
%{_libdir}/%{name}
%doc %{_infodir}/coreutils.info*.gz
%doc %{_mandir}/man1/*.1.gz
%dir %{_prefix}/share/locale/*/LC_TIME
%files lang -f %name.lang
%defattr(-,root,root)
%changelog
++++++ baselibs.conf ++++++
targettype x86 package coreutils
+^/bin/uname$
prereq -glibc-x86
++++++ coreutils-8.6-compile-su-with-fpie.diff ++++++
From d1a49cccf99373293a88f5bce74857d5bb813e46 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Tue, 17 Aug 2010 09:21:22 +0200
Subject: [PATCH 7/7] compile su with -fpie
---
lib/Makefile.am | 2 +-
src/Makefile.am | 5 +++++
2 files changed, 6 insertions(+), 1 deletions(-)
Index: lib/Makefile.am
===================================================================
--- lib/Makefile.am.orig 2012-04-16 13:18:02.444819167 +0200
+++ lib/Makefile.am 2012-04-16 13:18:07.729692419 +0200
@@ -28,7 +28,7 @@ noinst_LIBRARIES =
include gnulib.mk
-AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS)
+AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS) -fpie
libcoreutils_a_SOURCES += \
buffer-lcm.c buffer-lcm.h
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig 2012-04-16 13:18:07.714692779 +0200
+++ src/Makefile.am 2012-04-16 13:18:07.730692395 +0200
@@ -361,6 +361,11 @@ uptime_LDADD += $(GETLOADAVG_LIBS)
su_SOURCES = su.c getdef.c
su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
+su_CFLAGS = -fpie
+su_LDFLAGS = -pie
+timeout_CFLAGS = -fpie
+timeout_LDFLAGS = -pie
+
# for various ACL functions
copy_LDADD += $(LIB_ACL)
ls_LDADD += $(LIB_ACL)
++++++ coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff ++++++
From d776b1b67eb1bc1b815426fdf22f38b25ef1e2df Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Mon, 9 Aug 2010 16:03:12 +0200
Subject: [PATCH 5/7] honor settings in /etc/default/su resp /etc/login.defs
---
src/Makefile.am | 1 +
src/getdef.c | 259 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/getdef.h | 29 ++++++
src/su.c | 13 +++-
4 files changed, 300 insertions(+), 2 deletions(-)
create mode 100644 src/getdef.c
create mode 100644 src/getdef.h
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig 2012-04-16 13:18:07.682693547 +0200
+++ src/Makefile.am 2012-04-16 13:18:34.609047413 +0200
@@ -358,6 +358,7 @@ factor_LDADD += $(LIB_GMP)
uptime_LDADD += $(GETLOADAVG_LIBS)
# for crypt and pam
+su_SOURCES = su.c getdef.c
su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
Index: src/getdef.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ src/getdef.c 2012-04-16 13:18:07.714692779 +0200
@@ -0,0 +1,259 @@
+/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 or
+ later as published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#define _GNU_SOURCE
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "getdef.h"
+
+struct item {
+ char *name; /* Name of the option. */
+ char *value; /* Value of the option. */
+ struct item *next; /* Pointer to next option. */
+};
+
+static struct item *list = NULL;
+
+void
+free_getdef_data (void)
+{
+ struct item *ptr;
+
+ ptr = list;
+ while (ptr != NULL)
+ {
+ struct item *tmp;
+ tmp = ptr->next;
+ free (ptr->name);
+ free (ptr->value);
+ free (ptr);
+ ptr = tmp;
+ }
+
+ list = NULL;
+}
+
+/* Add a new entry to the list. */
+static void
+store (const char *name, const char *value)
+{
+ struct item *new = malloc (sizeof (struct item));
+
+ if (new == NULL)
+ abort ();
+
+ if (name == NULL)
+ abort ();
+
+ new->name = strdup (name);
+ new->value = strdup (value ?: "");
+ new->next = list;
+ list = new;
+}
+
+/* Search a special entry in the list and return the value. */
+static const char *
+search (const char *name)
+{
+ struct item *ptr;
+
+ ptr = list;
+ while (ptr != NULL)
+ {
+ if (strcasecmp (name, ptr->name) == 0)
+ return ptr->value;
+ ptr = ptr->next;
+ }
+
+ return NULL;
+}
+
+/* Load the login.defs file (/etc/login.defs). */
+static void
+load_defaults_internal (const char *filename)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+
+ fp = fopen (filename, "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ char *tmp, *cp;
+#if defined(HAVE_GETLINE)
+ ssize_t n = getline (&buf, &buflen, fp);
+#elif defined (HAVE_GETDELIM)
+ ssize_t n = getdelim (&buf, &buflen, '\n', fp);
+#else
+ ssize_t n;
+
+ if (buf == NULL)
+ {
+ buflen = 8096;
+ buf = malloc (buflen);
+ }
+ buf[0] = '\0';
+ fgets (buf, buflen - 1, fp);
+ if (buf != NULL)
+ n = strlen (buf);
+ else
+ n = 0;
+#endif /* HAVE_GETLINE / HAVE_GETDELIM */
+ cp = buf;
+
+ if (n < 1)
+ break;
+
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((unsigned char) *cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ tmp = strsep (&cp, " \t=");
+ if (cp != NULL)
+ while (isspace ((unsigned char) *cp) || *cp == '=')
+ ++cp;
+
+ store (tmp, cp);
+ }
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+}
+
+static void
+load_defaults (void)
+{
+ load_defaults_internal ("/etc/default/su");
+ load_defaults_internal ("/etc/login.defs");
+}
+
+int
+getdef_bool (const char *name, int dflt)
+{
+ const char *val;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ return (strcasecmp (val, "yes") == 0);
+}
+
+long
+getdef_num (const char *name, long dflt)
+{
+ const char *val;
+ char *cp;
+ long retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtol (val, &cp, 0);
+ if (*cp != '\0'
+ || ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
+ name, val);
+ retval = dflt;
+ }
+ return retval;
+}
+
+unsigned long
+getdef_unum (const char *name, unsigned long dflt)
+{
+ const char *val;
+ char *cp;
+ unsigned long retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtoul (val, &cp, 0);
+ if (*cp != '\0' || (retval == ULONG_MAX && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
+ name, val);
+ retval = dflt;
+ }
+ return retval;
+}
+
+const char *
+getdef_str (const char *name, const char *dflt)
+{
+ const char *retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ retval = search (name);
+
+ return retval ?: dflt;
+}
+
+#if defined(TEST)
+
+int
+main ()
+{
+ printf ("CYPT=%s\n", getdef_str ("cRypt", "no"));
+ printf ("LOG_UNKFAIL_ENAB=%s\n", getdef_str ("log_unkfail_enab",""));
+ printf ("DOESNOTEXIST=%s\n", getdef_str ("DOESNOTEXIST","yes"));
+ return 0;
+}
+
+#endif
Index: src/getdef.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ src/getdef.h 2012-04-16 13:18:07.714692779 +0200
@@ -0,0 +1,29 @@
+/* Copyright (C) 2003, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 or
+ later published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#ifndef _GETDEF_H_
+
+#define _GETDEF_H_ 1
+
+extern int getdef_bool (const char *name, int dflt);
+extern long getdef_num (const char *name, long dflt);
+extern unsigned long getdef_unum (const char *name, unsigned long dflt);
+extern const char *getdef_str (const char *name, const char *dflt);
+
+/* Free all data allocated by getdef_* calls before. */
+extern void free_getdef_data (void);
+
+#endif /* _GETDEF_H_ */
Index: src/su.c
===================================================================
--- src/su.c.orig 2012-04-16 13:18:07.706692971 +0200
+++ src/su.c 2012-04-16 13:18:34.630046909 +0200
@@ -111,6 +111,8 @@
# include
#endif
+#include "getdef.h"
+
/* The default PATH for simulated logins to non-superuser accounts. */
#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin"
@@ -478,8 +480,8 @@ modify_environment (const struct passwd
xsetenv ("USER", pw->pw_name);
xsetenv ("LOGNAME", pw->pw_name);
xsetenv ("PATH", (pw->pw_uid
- ? DEFAULT_LOGIN_PATH
- : DEFAULT_ROOT_LOGIN_PATH));
+ ? getdef_str ("PATH", DEFAULT_LOGIN_PATH)
+ : getdef_str ("SUPATH", DEFAULT_ROOT_LOGIN_PATH)));
}
else
{
@@ -489,6 +491,12 @@ modify_environment (const struct passwd
{
xsetenv ("HOME", pw->pw_dir);
xsetenv ("SHELL", shell);
+ if (getdef_bool ("ALWAYS_SET_PATH", 0))
+ xsetenv ("PATH", (pw->pw_uid
+ ? getdef_str ("PATH",
+ DEFAULT_LOGIN_PATH)
+ : getdef_str ("SUPATH",
+ DEFAULT_ROOT_LOGIN_PATH)));
if (pw->pw_uid)
{
xsetenv ("USER", pw->pw_name);
@@ -722,6 +730,7 @@ main (int argc, char **argv)
#ifdef SYSLOG_FAILURE
log_su (pw, false);
#endif
+ sleep (getdef_num ("FAIL_DELAY", 1));
error (EXIT_CANCELED, 0, _("incorrect password"));
}
#ifdef SYSLOG_SUCCESS
++++++ coreutils-8.6-log-all-su-attempts.diff ++++++
From f2ea0c33d8c25ee40e7fe7a16d0994c8069bc120 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 17 Aug 2010 13:22:01 +0200
Subject: [PATCH 3/7] log all su attempts
---
src/su.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/su.c b/src/su.c
index 1d3d007..2a9e423 100644
--- a/src/su.c
+++ b/src/su.c
@@ -75,6 +75,9 @@
#if HAVE_SYSLOG_H && HAVE_SYSLOG
# include
+# define SYSLOG_SUCCESS 1
+# define SYSLOG_FAILURE 1
+# define SYSLOG_NON_ROOT 1
#else
# undef SYSLOG_SUCCESS
# undef SYSLOG_FAILURE
--
1.7.1
++++++ coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff ++++++
From b43728c1f0c7abe90e73369542564d3ad4704963 Mon Sep 17 00:00:00 2001
From: Werner Fink
Date: Tue, 17 Aug 2010 09:09:55 +0200
Subject: [PATCH 6/7] make sure /sbin resp /usr/sbin are in PATH
---
src/su.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 127 insertions(+), 0 deletions(-)
Index: src/su.c
===================================================================
--- src/su.c.orig 2012-04-16 13:00:25.489424170 +0200
+++ src/su.c 2012-04-16 13:01:12.161193827 +0200
@@ -458,6 +458,117 @@ correct_password (const struct passwd *p
#endif /* !USE_PAM */
}
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
/* Update 'environ' for the new shell based on PW, with SHELL being
the value for the SHELL environment variable. */
@@ -497,6 +608,22 @@ modify_environment (const struct passwd
DEFAULT_LOGIN_PATH)
: getdef_str ("SUPATH",
DEFAULT_ROOT_LOGIN_PATH)));
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new);
+ free (new);
+ }
+ }
if (pw->pw_uid)
{
xsetenv ("USER", pw->pw_name);
++++++ coreutils-8.6-pam-support-for-su.diff ++++++
From 8b1e75c55ea6be5c8639c98b73ecfa0cf15226ce Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 17 Aug 2010 13:21:44 +0200
Subject: [PATCH 1/7] pam support for su
---
configure.ac | 14 +++
src/Makefile.am | 4 +-
src/su.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 278 insertions(+), 6 deletions(-)
Index: configure.ac
===================================================================
--- configure.ac.orig 2012-03-24 19:22:13.000000000 +0100
+++ configure.ac 2012-04-16 12:59:28.737919405 +0200
@@ -185,6 +185,20 @@ fi
AC_FUNC_FORK
+AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
+ [Enable PAM support in su (default=auto)]), , [enable_pam=yes])
+if test "x$enable_pam" != xno; then
+ AC_CHECK_LIB([pam], [pam_start], [enable_pam=yes], [enable_pam=no])
+ AC_CHECK_LIB([pam_misc], [misc_conv], [:], [enable_pam=no])
+ if test "x$enable_pam" != xno; then
+ AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
+ PAM_LIBS="-lpam -lpam_misc"
+ AC_SUBST(PAM_LIBS)
+ fi
+fi
+AC_MSG_CHECKING([whether to enable PAM support in su])
+AC_MSG_RESULT([$enable_pam])
+
optional_bin_progs=
AC_CHECK_FUNCS([chroot],
gl_ADD_PROG([optional_bin_progs], [chroot]))
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig 2012-03-24 19:22:13.000000000 +0100
+++ src/Makefile.am 2012-04-16 12:59:28.737919405 +0200
@@ -357,8 +357,8 @@ factor_LDADD += $(LIB_GMP)
# for getloadavg
uptime_LDADD += $(GETLOADAVG_LIBS)
-# for crypt
-su_LDADD += $(LIB_CRYPT)
+# for crypt and pam
+su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
copy_LDADD += $(LIB_ACL)
Index: src/su.c
===================================================================
--- src/su.c.orig 2012-03-24 19:22:13.000000000 +0100
+++ src/su.c 2012-04-16 13:00:06.496924665 +0200
@@ -37,6 +37,16 @@
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
+#ifdef USE_PAM
+
+ Actually, with PAM, su has nothing to do with whether or not a
+ wheel group is enforced by su. RMS tries to restrict your access
+ to a su which implements the wheel group, but PAM considers that
+ to be fascist, and gives the user/sysadmin the opportunity to
+ enforce a wheel group by proper editing of /etc/pam.d/su
+
+#endif
+
Compile-time options:
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
@@ -52,6 +62,13 @@
#include
#include
#include
+#ifdef USE_PAM
+#include
+#include
+#include
+#include
+#include
+#endif
#include "system.h"
#include "getpass.h"
@@ -111,7 +128,9 @@
/* The user to become if none is specified. */
#define DEFAULT_USER "root"
+#ifndef USE_PAM
char *crypt (char const *key, char const *salt);
+#endif
static void run_shell (char const *, char const *, char **, size_t)
ATTRIBUTE_NORETURN;
@@ -125,6 +144,11 @@ static bool simulate_login;
/* If true, change some environment vars to indicate the user su'd to. */
static bool change_environment;
+#ifdef USE_PAM
+static bool _pam_session_opened;
+static bool _pam_cred_established;
+#endif
+
static struct option const longopts[] =
{
{"command", required_argument, NULL, 'c'},
@@ -203,7 +227,164 @@ log_su (struct passwd const *pw, bool su
}
#endif
+#ifdef USE_PAM
+#define PAM_SERVICE_NAME PROGRAM_NAME
+#define PAM_SERVICE_NAME_L PROGRAM_NAME "-l"
+static sig_atomic_t volatile caught_signal = false;
+static pam_handle_t *pamh = NULL;
+static int retval;
+static struct pam_conv conv =
+{
+ misc_conv,
+ NULL
+};
+
+#define PAM_BAIL_P(a) \
+ if (retval) \
+ { \
+ pam_end (pamh, retval); \
+ a; \
+ }
+
+static void
+cleanup_pam (int retcode)
+{
+ if (_pam_session_opened)
+ pam_close_session (pamh, 0);
+
+ if (_pam_cred_established)
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
+
+ pam_end(pamh, retcode);
+}
+
+/* Signal handler for parent process. */
+static void
+su_catch_sig (int sig)
+{
+ caught_signal = true;
+}
+
+/* Export env variables declared by PAM modules. */
+static void
+export_pamenv (void)
+{
+ char **env;
+
+ /* This is a copy but don't care to free as we exec later anyways. */
+ env = pam_getenvlist (pamh);
+ while (env && *env)
+ {
+ if (putenv (*env) != 0)
+ xalloc_die ();
+ env++;
+ }
+}
+
+static void
+create_watching_parent (void)
+{
+ pid_t child;
+ sigset_t ourset;
+ int status = 0;
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ cleanup_pam (retval);
+ error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
+ pam_strerror (pamh, retval));
+ }
+ else
+ _pam_session_opened = 1;
+
+ child = fork ();
+ if (child == (pid_t) -1)
+ {
+ cleanup_pam (PAM_ABORT);
+ error (EXIT_FAILURE, errno, _("cannot create child process"));
+ }
+
+ /* the child proceeds to run the shell */
+ if (child == 0)
+ return;
+
+ /* In the parent watch the child. */
+
+ /* su without pam support does not have a helper that keeps
+ sitting on any directory so let's go to /. */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
+ sigfillset (&ourset);
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot block signals"));
+ caught_signal = true;
+ }
+ if (!caught_signal)
+ {
+ struct sigaction action;
+ action.sa_handler = su_catch_sig;
+ sigemptyset (&action.sa_mask);
+ action.sa_flags = 0;
+ sigemptyset (&ourset);
+ if (sigaddset (&ourset, SIGTERM)
+ || sigaddset (&ourset, SIGALRM)
+ || sigaction (SIGTERM, &action, NULL)
+ || sigprocmask (SIG_UNBLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal)
+ {
+ pid_t pid;
+ for (;;)
+ {
+ pid = waitpid (child, &status, WUNTRACED);
+
+ if (pid != (pid_t)-1 && WIFSTOPPED (status))
+ {
+ kill (getpid (), SIGSTOP);
+ /* once we get here, we must have resumed */
+ kill (pid, SIGCONT);
+ }
+ else
+ break;
+ }
+ if (pid != (pid_t)-1)
+ if (WIFSIGNALED (status))
+ status = WTERMSIG (status) + 128;
+ else
+ status = WEXITSTATUS (status);
+ else
+ status = 1;
+ }
+ else
+ status = 1;
+
+ if (caught_signal)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+ }
+
+ cleanup_pam (PAM_SUCCESS);
+
+ if (caught_signal)
+ {
+ sleep (2);
+ kill (child, SIGKILL);
+ fprintf (stderr, _(" ...killed.\n"));
+ }
+ exit (status);
+}
+#endif
+
/* Ask the user for a password.
+ If PAM is in use, let PAM ask for the password if necessary.
Return true if the user gives the correct password for entry PW,
false if not. Return true without asking for a password if run by UID 0
or if PW has an empty password. */
@@ -211,10 +392,52 @@ log_su (struct passwd const *pw, bool su
static bool
correct_password (const struct passwd *pw)
{
+#ifdef USE_PAM
+ const struct passwd *lpw;
+ const char *cp;
+
+ retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
+ pw->pw_name, &conv, &pamh);
+ PAM_BAIL_P (return false);
+
+ if (isatty (0) && (cp = ttyname (0)) != NULL)
+ {
+ const char *tty;
+
+ if (strncmp (cp, "/dev/", 5) == 0)
+ tty = cp + 5;
+ else
+ tty = cp;
+ retval = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_BAIL_P (return false);
+ }
+#if 0 /* Manpage discourages use of getlogin. */
+ cp = getlogin ();
+ if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ()))
+#endif
+ lpw = getpwuid (getuid ());
+ if (lpw && lpw->pw_name)
+ {
+ retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
+ PAM_BAIL_P (return false);
+ }
+ retval = pam_authenticate (pamh, 0);
+ PAM_BAIL_P (return false);
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_NEW_AUTHTOK_REQD)
+ {
+ /* Password has expired. Offer option to change it. */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ PAM_BAIL_P (return false);
+ }
+ PAM_BAIL_P (return false);
+ /* Must be authenticated if this point was reached. */
+ return true;
+#else /* !USE_PAM */
char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */
- struct spwd *sp = getspnam (pw->pw_name);
+ const struct spwd *sp = getspnam (pw->pw_name);
endspent ();
if (sp)
@@ -235,6 +458,7 @@ correct_password (const struct passwd *p
encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted));
return STREQ (encrypted, correct);
+#endif /* !USE_PAM */
}
/* Update 'environ' for the new shell based on PW, with SHELL being
@@ -277,19 +501,41 @@ modify_environment (const struct passwd
}
}
}
+
+#ifdef USE_PAM
+ export_pamenv ();
+#endif
}
/* Become the user and group(s) specified by PW. */
static void
-change_identity (const struct passwd *pw)
+init_groups (const struct passwd *pw)
{
#ifdef HAVE_INITGROUPS
errno = 0;
if (initgroups (pw->pw_name, pw->pw_gid) == -1)
- error (EXIT_CANCELED, errno, _("cannot set groups"));
+ {
+#ifdef USE_PAM
+ cleanup_pam (PAM_ABORT);
+#endif
+ error (EXIT_FAILURE, errno, _("cannot set groups"));
+ }
endgrent ();
#endif
+
+#ifdef USE_PAM
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ error (EXIT_FAILURE, 0, "%s", pam_strerror (pamh, retval));
+ else
+ _pam_cred_established = 1;
+#endif
+}
+
+static void
+change_identity (const struct passwd *pw)
+{
if (setgid (pw->pw_gid))
error (EXIT_CANCELED, errno, _("cannot set group id"));
if (setuid (pw->pw_uid))
@@ -502,9 +748,21 @@ main (int argc, char **argv)
shell = NULL;
}
shell = xstrdup (shell ? shell : pw->pw_shell);
- modify_environment (pw, shell);
+
+ init_groups (pw);
+
+#ifdef USE_PAM
+ create_watching_parent ();
+ /* Now we're in the child. */
+#endif
change_identity (pw);
+
+ /* Set environment after pam_open_session, which may put KRB5CCNAME
+ into the pam_env, etc. */
+
+ modify_environment (pw, shell);
+
if (simulate_login && chdir (pw->pw_dir) != 0)
error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
++++++ coreutils-8.6-set-sane-default-path.diff ++++++
From 3c13edc2b9aeab8f24e60a62ab5e8a8db554486f Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Mon, 9 Aug 2010 16:02:30 +0200
Subject: [PATCH 4/7] set sane default path
---
src/su.c | 12 ++----------
1 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/su.c b/src/su.c
index 2a9e423..0071622 100644
--- a/src/su.c
+++ b/src/su.c
@@ -112,18 +112,10 @@
#endif
/* The default PATH for simulated logins to non-superuser accounts. */
-#ifdef _PATH_DEFPATH
-# define DEFAULT_LOGIN_PATH _PATH_DEFPATH
-#else
-# define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin"
-#endif
+#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin"
/* The default PATH for simulated logins to superuser accounts. */
-#ifdef _PATH_DEFPATH_ROOT
-# define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT
-#else
-# define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
-#endif
+#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin"
/* The shell to run if none is given in the user's passwd entry. */
#define DEFAULT_SHELL "/bin/sh"
--
1.7.1
++++++ coreutils-8.6-update-man-page-for-pam.diff ++++++
From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 17 Aug 2010 08:59:35 +0200
Subject: [PATCH 2/7] update man page for pam
---
doc/coreutils.texi | 34 +++++-----------------------------
1 files changed, 5 insertions(+), 29 deletions(-)
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2012-04-16 13:18:07.651694291 +0200
+++ doc/coreutils.texi 2012-04-16 13:18:14.825522204 +0200
@@ -15796,8 +15796,11 @@ to certain shells, etc.).
@findex syslog
@command{su} can optionally be compiled to use @code{syslog} to report
failed, and optionally successful, @command{su} attempts. (If the system
-supports @code{syslog}.) However, GNU @command{su} does not check if the
-user is a member of the @code{wheel} group; see below.
+supports @code{syslog}.)
+
+This version of @command{su} has support for using PAM for
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
+to customize its behaviour.
The program accepts the following options. Also see @ref{Common options}.
@@ -15878,33 +15881,6 @@ Exit status:
the exit status of the subshell otherwise
@end display
-@cindex wheel group, not supported
-@cindex group wheel, not supported
-@cindex fascism
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
-
-(This section is by Richard Stallman.)
-
-@cindex Twenex
-@cindex MIT AI lab
-Sometimes a few of the users try to hold total power over all the
-rest. For example, in 1984, a few users at the MIT AI lab decided to
-seize power by changing the operator password on the Twenex system and
-keeping it secret from everyone else. (I was able to thwart this coup
-and give power back to the users by patching the kernel, but I
-wouldn't know how to do that in Unix.)
-
-However, occasionally the rulers do tell someone. Under the usual
-@command{su} mechanism, once someone learns the root password who
-sympathizes with the ordinary users, he or she can tell the rest. The
-``wheel group'' feature would make this impossible, and thus cement the
-power of the rulers.
-
-I'm on the side of the masses, not that of the rulers. If you are
-used to supporting the bosses and sysadmins in whatever they do, you
-might find this idea strange at first.
-
-
@node timeout invocation
@section @command{timeout}: Run a command with a time limit
++++++ coreutils-8.9-singlethreaded-sort.patch ++++++
Index: src/sort.c
===================================================================
--- src/sort.c.orig
+++ src/sort.c
@@ -5288,7 +5288,11 @@ main (int argc, char **argv)
{
if (!nthreads)
{
- unsigned long int np = num_processors (NPROC_CURRENT_OVERRIDABLE);
+ unsigned long int np;
+ if (getenv("OMP_NUM_THREADS"))
+ np = num_processors (NPROC_CURRENT_OVERRIDABLE);
+ else
+ np = 1;
nthreads = MIN (np, DEFAULT_MAX_THREADS);
}
++++++ coreutils-acl-nofollow.patch ++++++
commit 95f7c57ff4090a5dee062044d2c7b99879077808
Author: Kamil Dudka
Date: Fri Jul 22 14:48:42 2011 +0200
file-has-acl: use acl_extended_file_nofollow if available
* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
(acl_extended_file): New macro.
* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
This addresses http://bugzilla.redhat.com/692823.
Index: lib/acl-internal.h
===================================================================
--- lib/acl-internal.h.orig 2012-03-09 08:31:00.000000000 +0100
+++ lib/acl-internal.h 2012-04-16 13:17:12.470016537 +0200
@@ -142,6 +142,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
# endif
/* Linux-specific */
+# ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+# define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
+# define acl_extended_file_nofollow(name) (-1)
+# endif
+
+/* Linux-specific */
# ifndef HAVE_ACL_FROM_MODE
# define HAVE_ACL_FROM_MODE false
# define acl_from_mode(mode) (NULL)
Index: lib/file-has-acl.c
===================================================================
--- lib/file-has-acl.c.orig 2012-03-09 08:31:00.000000000 +0100
+++ lib/file-has-acl.c 2012-04-16 13:17:12.471016513 +0200
@@ -492,12 +492,20 @@ file_has_acl (char const *name, struct s
/* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
int ret;
- if (HAVE_ACL_EXTENDED_FILE) /* Linux */
+ if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
{
+# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+ /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
+ unnecessary mounts, but it returns the same result as we already
+ know that NAME is not a symbolic link at this point (modulo the
+ TOCTTOU race condition). */
+ ret = acl_extended_file_nofollow (name);
+# else
/* On Linux, acl_extended_file is an optimized function: It only
makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
ACL_TYPE_DEFAULT. */
ret = acl_extended_file (name);
+# endif
}
else /* FreeBSD, MacOS X, IRIX, Tru64 */
{
Index: m4/acl.m4
===================================================================
--- m4/acl.m4.orig 2012-01-06 10:14:31.000000000 +0100
+++ m4/acl.m4 2012-04-16 13:17:12.471016513 +0200
@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
AC_CHECK_FUNCS(
[acl_get_file acl_get_fd acl_set_file acl_set_fd \
acl_free acl_from_mode acl_from_text \
- acl_delete_def_file acl_extended_file \
+ acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
acl_delete_fd_np acl_delete_file_np \
acl_copy_ext_native acl_create_entry_np \
acl_to_short_text acl_free_text])
Index: ChangeLog
===================================================================
--- ChangeLog.orig 2012-03-26 14:15:03.000000000 +0200
+++ ChangeLog 2012-04-16 13:17:12.474016441 +0200
@@ -2815,6 +2815,14 @@
MacOS X 10.7 has an fdatasync that is not declared, and is rumored to
be ineffective. (Bug#9141)
+2011-07-22 Kamil Dudka
+
+ file-has-acl: use acl_extended_file_nofollow if available
+ * lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
+ (acl_extended_file): New macro.
+ * lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
+ * m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
+
2011-07-20 Mike Frysinger
dircolors: add screen.Eterm terminal type
++++++ coreutils-basename_documentation.patch ++++++
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2012-04-16 13:12:04.624344318 +0200
+++ doc/coreutils.texi 2012-04-16 13:13:08.231837183 +0200
@@ -12447,6 +12447,16 @@ This section describes commands that man
@command{basename} removes any leading directory components from
@var{name}. Synopsis:
+@table @samp
+
+@item -z
+@itemx --zero
+@opindex -z
+@opindex --zero
+Separate output items with @sc{nul} characters.
+
+@end table
+
@example
basename @var{name} [@var{suffix}]
basename @var{option}... @var{name}...
++++++ coreutils-bnc#697897-setsid.patch ++++++
Index: doc/coreutils.info
===================================================================
--- doc/coreutils.info.orig 2012-03-26 14:08:30.000000000 +0200
+++ doc/coreutils.info 2012-04-18 11:17:09.917545246 +0200
@@ -12788,6 +12788,10 @@ and optionally successful, `su' attempts
`syslog'.) However, GNU `su' does not check if the user is a member of
the `wheel' group; see below.
+ If the environment variable SU_COMMAND_SAME_SESSION is set, su will
+not open a new session for running a command thus making -c behaves just
+like -C.
+
The program accepts the following options. Also see *note Common
options::.
@@ -12796,6 +12800,12 @@ options::.
Pass COMMAND, a single command line to run, to the shell with a
`-c' option instead of starting an interactive shell.
+`-C COMMAND'
+`--session-command=COMMAND'
+ Pass COMMAND, a single command line to run, to the shell with a
+ `-c' option instead of starting an interactive and do not create
+ a new session for it.
+
`-f'
`--fast'
Pass the `-f' option to the shell. This probably only makes sense
Index: src/su.c
===================================================================
--- src/su.c.orig 2012-04-18 11:17:09.856546407 +0200
+++ src/su.c 2012-04-18 11:17:09.917545246 +0200
@@ -141,6 +141,9 @@ static bool simulate_login;
/* If true, change some environment vars to indicate the user su'd to. */
static bool change_environment;
+/* If true, then don't call setsid() with a command. */
+int same_session = 0;
+
#ifdef USE_PAM
static bool _pam_session_opened;
static bool _pam_cred_established;
@@ -149,6 +152,7 @@ static bool _pam_cred_established;
static struct option const longopts[] =
{
{"command", required_argument, NULL, 'c'},
+ {"session-command", required_argument, NULL, 'C'},
{"fast", no_argument, NULL, 'f'},
{"login", no_argument, NULL, 'l'},
{"preserve-environment", no_argument, NULL, 'p'},
@@ -326,14 +330,29 @@ create_watching_parent (void)
sigemptyset (&action.sa_mask);
action.sa_flags = 0;
sigemptyset (&ourset);
- if (sigaddset (&ourset, SIGTERM)
- || sigaddset (&ourset, SIGALRM)
- || sigaction (SIGTERM, &action, NULL)
- || sigprocmask (SIG_UNBLOCK, &ourset, NULL))
- {
+
+ if (!same_session)
+ {
+ if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal && (sigaddset(&ourset, SIGTERM)
+ || sigaddset(&ourset, SIGALRM)
+ || sigaction(SIGTERM, &action, NULL)
+ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)))
+ {
error (0, errno, _("cannot set signal handler"));
caught_signal = true;
}
+ if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL)
+ || sigaction(SIGQUIT, &action, NULL)))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
}
if (!caught_signal)
{
@@ -750,6 +769,8 @@ Change the effective user id and group i
\n\
-, -l, --login make the shell a login shell\n\
-c, --command=COMMAND pass a single COMMAND to the shell with -c\n\
+ --session-command=COMMAND pass a single COMMAND to the shell with -c\n\
+ and do not create a new session\n\
-f, --fast pass -f to the shell (for csh or tcsh)\n\
-m, --preserve-environment do not reset environment variables\n\
-p same as -m\n\
@@ -772,6 +793,7 @@ main (int argc, char **argv)
int optc;
const char *new_user = DEFAULT_USER;
char *command = NULL;
+ int request_same_session = 0;
char *shell = NULL;
struct passwd *pw;
struct passwd pw_copy;
@@ -795,6 +817,14 @@ main (int argc, char **argv)
{
case 'c':
command = optarg;
+ if (NULL != getenv ("SU_COMMAND_SAME_SESSION") ||
+ NULL != getenv ("SU_COMMAND_OPENS_SESSION"))
+ request_same_session = 1;
+ break;
+
+ case 'C':
+ command = optarg;
+ request_same_session = 1;
break;
case 'f':
@@ -867,6 +897,9 @@ main (int argc, char **argv)
}
#endif
+ if (request_same_session || !command || !pw->pw_uid)
+ same_session = 1;
+
if (!shell && !change_environment)
shell = getenv ("SHELL");
if (shell && getuid () != 0 && restricted_shell (pw->pw_shell))
@@ -889,6 +922,9 @@ main (int argc, char **argv)
change_identity (pw);
+ if (!same_session)
+ setsid ();
+
/* Set environment after pam_open_session, which may put KRB5CCNAME
into the pam_env, etc. */
++++++ coreutils-cp-corrupt-fragmented-sparse.patch ++++++
commit 64aef5fb9afecc023a6e719da161dbbf450908b8
Author: Jim Meyering
Date: Tue Oct 16 17:43:49 2012 +0200
cp: avoid data-corrupting free-memory-read
NEWS entry:
cp could read from freed memory and could even make corrupt copies.
This could happen with a very fragmented and sparse input file,
on GNU/Linux file systems supporting fiemap extent scanning.
This bug also affects mv when it resorts to copying, and install.
[bug introduced in coreutils-8.11]
* src/extent-scan.c (extent_scan_read): Reset our last_ei
pointer whenever the parent buffer might have just been freed.
* tests/cp/fiemap-extent-FMR.sh: New test.
* tests/local.mk (all_tests): Add it.
* NEWS (Bug fixes): Mention it.
Reported by Mike Gerth in http://bugs.gnu.org/12656, and with
help from Alan Curry. Bug introduced in commit v8.10-60-g18f5a85.
Index: src/extent-scan.c
===================================================================
--- src/extent-scan.c.orig
+++ src/extent-scan.c
@@ -89,7 +89,7 @@ extern bool
extent_scan_read (struct extent_scan *scan)
{
unsigned int si = 0;
- struct extent_info *last_ei IF_LINT ( = scan->ext_info);
+ struct extent_info *last_ei = scan->ext_info;
while (true)
{
@@ -127,8 +127,14 @@ extent_scan_read (struct extent_scan *sc
assert (scan->ei_count <= SIZE_MAX - fiemap->fm_mapped_extents);
scan->ei_count += fiemap->fm_mapped_extents;
- scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
- sizeof (struct extent_info));
+ {
+ /* last_ei points into a buffer that may be freed via xnrealloc.
+ Record its offset and adjust after allocation. */
+ size_t prev_idx = last_ei - scan->ext_info;
+ scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
+ sizeof (struct extent_info));
+ last_ei = scan->ext_info + prev_idx;
+ }
unsigned int i = 0;
for (i = 0; i < fiemap->fm_mapped_extents; i++)
Index: tests/cp/fiemap-FMR
===================================================================
--- /dev/null
+++ tests/cp/fiemap-FMR
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Trigger a free-memory read bug in cp from coreutils-[8.11..8.19]
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ./src
+print_ver_ cp
+
+require_valgrind_
+require_perl_
+: ${PERL=perl}
+
+$PERL -e 'for (1..600) { sysseek (*STDOUT, 4096, 1)' \
+ -e '&& syswrite (*STDOUT, "a" x 1024) or die "$!"}' > j || fail=1
+valgrind --quiet --error-exitcode=3 cp j j2 || fail=1
+cmp j j2 || fail=1
+
+Exit $fail
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig
+++ tests/Makefile.am
@@ -339,6 +339,7 @@ TESTS = \
cp/existing-perm-race \
cp/fail-perm \
cp/fiemap-empty \
+ cp/fiemap-FMR \
cp/fiemap-perf \
cp/fiemap-2 \
cp/file-perm-race \
++++++ coreutils-getaddrinfo.patch ++++++
Index: gnulib-tests/test-getaddrinfo.c
===================================================================
--- gnulib-tests/test-getaddrinfo.c.orig 2012-04-16 13:18:02.424819645 +0200
+++ gnulib-tests/test-getaddrinfo.c 2012-04-16 13:18:07.737692228 +0200
@@ -86,11 +86,7 @@ simple (char const *host, char const *se
the test merely because someone is down the country on their
in-law's farm. */
if (res == EAI_AGAIN)
- {
- skip++;
- fprintf (stderr, "skipping getaddrinfo test: no network?\n");
- return 77;
- }
+ return 0;
/* IRIX reports EAI_NONAME for "https". Don't fail the test
merely because of this. */
if (res == EAI_NONAME)
++++++ coreutils-gl_printf_safe.patch ++++++
Index: m4/gnulib-comp.m4
===================================================================
--- m4/gnulib-comp.m4.orig 2012-03-20 23:34:39.000000000 +0100
+++ m4/gnulib-comp.m4 2012-04-16 12:57:23.373219154 +0200
@@ -1584,7 +1584,6 @@ gl_POSIXTM
gl_POSIXVER
gl_FUNC_PRINTF_FREXP
gl_FUNC_PRINTF_FREXPL
-m4_divert_text([INIT_PREPARE], [gl_printf_safe=yes])
gl_PRIV_SET
AC_CHECK_DECLS([program_invocation_name], [], [], [#include ])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [#include ])
++++++ coreutils-i18n-infloop.patch ++++++
Index: src/sort.c
===================================================================
--- src/sort.c.orig 2012-04-16 13:23:11.726363043 +0200
+++ src/sort.c 2012-04-16 13:23:20.474151036 +0200
@@ -3161,7 +3161,8 @@ keycompare_mb (const struct line *a, con
if (MBLENGTH == (size_t)-2 || MBLENGTH == (size_t)-1) \
STATE = state_bak; \
if (!ignore) \
- COPY[NEW_LEN++] = TEXT[i++]; \
+ COPY[NEW_LEN++] = TEXT[i]; \
+ i++; \
continue; \
} \
\
++++++ coreutils-i18n-no-alloca.patch ++++++
From: Bernhard Voelker
Subject: sort, join, uniq: avoid segmentation fault with long input lines
The i18n patches used to make use of the alloca function which cannot
guarantee success, and the result can not be tested for success/failure.
From `man alloca`:
"If the allocation causes stack overflow, program behavior is undefined."
Simply replace all uses of alloca by xmalloc.
- Avoid segmentation fault in "join -i" with long line input
(bnc#798541, VUL-1)
Test case:
$ perl -e 'print "1","A"x50000000,"\r\n\r\n"' > /tmp/test.txt
$ join -i /tmp/test.txt /tmp/test.txt
* src/join.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas )
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
(bnc#798538, VUL-1)
Test cases:
$ perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d
$ perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M
* src/sort.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas )
- Avoid segmentation fault in "uniq" with long line input
(bnc#796243, VUL-1)
Test case:
$ perl -e 'print "1","\0"x50000000,"\r\n\r\n"' | uniq
* src/cut.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch)
---
src/join.c | 21 ++++++++++++++++++---
src/sort.c | 13 +++++++++----
src/uniq.c | 16 ++++++++++++----
3 files changed, 39 insertions(+), 11 deletions(-)
Index: src/join.c
===================================================================
--- src/join.c.orig
+++ src/join.c
@@ -477,6 +477,7 @@ keycmp (struct line const *line1, struct
size_t len[2]; /* Length of fields to compare. */
int diff;
int i, j;
+ int mallocd = 0;
if (jf_1 < line1->nfields)
{
@@ -518,7 +519,8 @@ keycmp (struct line const *line1, struct
for (i = 0; i < 2; i++)
{
- copy[i] = alloca (len[i] + 1);
+ mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
for (j = 0; j < MIN (len[0], len[1]);)
{
@@ -558,7 +560,8 @@ keycmp (struct line const *line1, struct
{
for (i = 0; i < 2; i++)
{
- copy[i] = alloca (len[i] + 1);
+ mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
for (j = 0; j < MIN (len[0], len[1]); j++)
copy[i][j] = toupper (beg[i][j]);
@@ -574,9 +577,21 @@ keycmp (struct line const *line1, struct
}
if (hard_LC_COLLATE)
- return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+ {
+ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
+
+ return diff;
+ }
+
diff = memcmp (copy[0], copy[1], MIN (len[0], len[1]));
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
if (diff)
return diff;
Index: src/sort.c
===================================================================
--- src/sort.c.orig
+++ src/sort.c
@@ -2829,13 +2829,13 @@ getmonth_mb (const char *s, size_t len,
if (len == 0)
return 0;
- month = (char *) alloca (len + 1);
+ month = (char *) xmalloc (len + 1);
- tmp = (char *) alloca (len + 1);
+ tmp = (char *) xmalloc (len + 1);
memcpy (tmp, s, len);
tmp[len] = '\0';
pp = (const char **)&tmp;
- month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t));
+ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
memset (&state, '\0', sizeof(mbstate_t));
wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
@@ -2874,6 +2874,10 @@ getmonth_mb (const char *s, size_t len,
result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name))
? monthtab[lo].val : 0);
+ free (month);
+ free (tmp);
+ free (month_wcs);
+
return result;
}
#endif
@@ -3135,7 +3139,7 @@ keycompare_mb (const struct line *a, con
{
if (ignore || translate)
{
- char *copy_a = (char *) alloca (lena + 1 + lenb + 1);
+ char *copy_a = xmalloc (lena + 1 + lenb + 1);
char *copy_b = copy_a + lena + 1;
size_t new_len_a, new_len_b;
size_t i, j;
@@ -3211,6 +3215,7 @@ keycompare_mb (const struct line *a, con
IGNORE_CHARS (new_len_b, lenb, textb, copy_b,
wc_b, mblength_b, state_b);
diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b);
+ free(copy_a);
}
else if (lena == 0)
diff = - NONZERO (lenb);
Index: src/uniq.c
===================================================================
--- src/uniq.c.orig
+++ src/uniq.c
@@ -348,8 +348,8 @@ different (char *old, char *new, size_t
{
size_t i;
- copy_old = alloca (oldlen + 1);
- copy_new = alloca (oldlen + 1);
+ copy_old = xmalloc (sizeof(char) * (oldlen + 1));
+ copy_new = xmalloc (sizeof(char) * (oldlen + 1));
for (i = 0; i < oldlen; i++)
{
@@ -357,6 +357,11 @@ different (char *old, char *new, size_t
copy_new[i] = toupper (new[i]);
}
+
+ bool rc = xmemcoll (copy_old, oldlen, copy_new, newlen);
+ free (copy_old);
+ free (copy_new);
+ return rc;
}
else
{
copy_old = (char *)old;
@@ -388,7 +393,7 @@ different_multi (const char *old, const
for (i = 0; i < 2; i++)
{
- copy[i] = alloca (len[i] + 1);
+ copy[i] = xmalloc (len[i] + 1);
for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++)
{
@@ -429,7 +434,10 @@ different_multi (const char *old, const
len[i] = j;
}
- return xmemcoll (copy[0], len[0], copy[1], len[1]);
+ int rc = xmemcoll (copy[0], len[0], copy[1], len[1]);
+ free (copy[0]);
+ free (copy[1]);
+ return rc;
}
#endif
++++++ coreutils-i18n-uninit.patch ++++++
Index: src/cut.c
===================================================================
--- src/cut.c.orig 2012-04-16 13:17:12.321020103 +0200
+++ src/cut.c 2012-04-16 13:17:12.333019817 +0200
@@ -869,7 +869,10 @@ cut_fields_mb (FILE *stream)
c = getc (stream);
empty_input = (c == EOF);
if (c != EOF)
- ungetc (c, stream);
+ {
+ ungetc (c, stream);
+ wc = 0;
+ }
else
wc = WEOF;
++++++ coreutils-i18n.patch ++++++
++++ 4160 lines (skipped)
++++++ coreutils-id_show_real_groups.patch ++++++
commit 032a549481444395558286b433296c97c09c721d
Author: Jim Meyering
Date: Fri Apr 27 13:28:32 2012 +0200
id,groups: with no user name, print only real and/or effective IDs,
... i.e., don't use the getpw* functions.
Before this change, running groups or id with no user name argument
would include a group name or ID from /etc/passwd. Thus, under unusual
circumstances (default group is changed, but has not taken effect for a
given session), those programs could print a name or ID that is neither
real nor effective.
To demonstrate, run this:
echo 'for i in 1 2; do id -G; sleep 1.5; done' \
|su -s /bin/sh ftp - &
sleep 1; perl -pi -e 's/^(ftp:x:\d+):(\d+)/$1:9876/' /etc/passwd
Those id -G commands printed the following:
50
50 9876
With this change, they print this:
50
50
Similarly, running those programs set-GID could make them
print one ID too many.
* src/group-list.c (print_group_list): When username is NULL, pass
egid, not getpwuid(ruid)->pw_gid), to xgetgroups, per the API
requirements of xgetgroups callee, mgetgroups.
When not using the password database, don't call getpwuid.
* NEWS (Bug fixes): Mention it.
* tests/misc/id-setgid: New file.
* tests/Makefile.am (TESTS): Add it.
(root_tests): It's a root-only test, so add it here, too.
Originally reported by Brynnen Owen as http://bugs.gnu.org/7320.
Raised again by Marc Mengel in http://bugzilla.redhat.com/816708.
Index: NEWS
===================================================================
--- NEWS.orig 2012-03-26 14:06:43.000000000 +0200
+++ NEWS 2012-05-07 14:20:23.431517270 +0200
@@ -1,5 +1,15 @@
GNU coreutils NEWS -*- outline -*-
+** Bug fixes
+
+ id and groups, when invoked with no user name argument, would print
+ the default group ID listed in the password database, and sometimes
+ that ID would be neither real nor effective. For example, when run
+ set-GID, or in a session for which the default group has just been
+ changed, the new group ID would be listed, even though it is not
+ yet effective.
+
+
* Noteworthy changes in release 8.16 (2012-03-26) [stable]
** New features
Index: THANKS.in
===================================================================
--- THANKS.in.orig 2012-03-24 19:22:13.000000000 +0100
+++ THANKS.in 2012-05-07 14:19:38.953620833 +0200
@@ -98,6 +98,7 @@ Brian Silverman bsil
Brian Youmans 3diff@gnu.org
Britton Leo Kerin fsblk@aurora.uaf.edu
Bruce Robertson brucer@theodolite.dyndns.org
+Brynnen Owen owen@illinois.edu
Carl Johnson carlj@cjlinux.home.org
Carl Lowenstein cdl@mpl.UCSD.EDU
Carl Roth roth@urs.us
@@ -355,6 +356,7 @@ Manfred Hollstein manf
Марк Коренберг socketpair@gmail.com
Marc Boucher marc@mbsi.ca
Marc Haber mh+debian-bugs@zugschlus.de
+Marc Mengel mengel@fnal.gov
Marc Lehman schmorp@schmorp.de
Marc Olzheim marcolz@stack.nl
Marco Franzen Marco.Franzen@Thyron.com
Index: src/group-list.c
===================================================================
--- src/group-list.c.orig 2012-02-03 14:16:13.000000000 +0100
+++ src/group-list.c 2012-05-07 14:19:38.953620833 +0200
@@ -38,11 +38,14 @@ print_group_list (const char *username,
bool use_names)
{
bool ok = true;
- struct passwd *pwd;
+ struct passwd *pwd = NULL;
- pwd = getpwuid (ruid);
- if (pwd == NULL)
- ok = false;
+ if (username)
+ {
+ pwd = getpwuid (ruid);
+ if (pwd == NULL)
+ ok = false;
+ }
if (!print_group (rgid, use_names))
ok = false;
@@ -58,8 +61,7 @@ print_group_list (const char *username,
gid_t *groups;
int i;
- int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : (gid_t) -1),
- &groups);
+ int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : egid), &groups);
if (n_groups < 0)
{
if (username)
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig 2012-05-07 14:19:38.807624454 +0200
+++ tests/Makefile.am 2012-05-07 14:19:38.953620833 +0200
@@ -36,6 +36,7 @@ root_tests = \
ls/nameless-uid \
misc/chcon \
misc/chroot-credentials \
+ misc/id-setgid \
misc/selinux \
misc/truncate-owned-by-other \
mkdir/writable-under-readonly \
@@ -197,6 +198,7 @@ TESTS = \
misc/head-pos \
misc/id-context \
misc/id-groups \
+ misc/id-setgid \
misc/md5sum \
misc/md5sum-bsd \
misc/md5sum-newline \
Index: tests/misc/id-setgid
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ tests/misc/id-setgid 2012-05-07 14:19:38.953620833 +0200
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Verify that id -G prints the right group when run set-GID.
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ id
+require_root_
+
+g=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+
+# Construct a different group number.
+gp1=$(expr $g + 1)
+
+echo $gp1 > exp || framework_failure_
+
+setuidgid -g $gp1 $NON_ROOT_USERNAME env PATH="$PATH" id -G > out || fail=1
+compare exp out || fail=1
+# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+
+Exit $fail
++++++ coreutils-invalid-ids.patch ++++++
While uid_t and gid_t are both unsigned, the values (uid_t) -1 and
(gid_t) -1 are reserved. A uid or gid argument of -1 to the chown(2)
system call means to leave the uid/gid unchanged. Catch this case
so that trying to set a uid or gid to -1 will result in an error.
Test cases:
chown 4294967295 file
chown :4294967295 file
chgrp 4294967295 file
Andreas Gruenbacher
Index: src/chgrp.c
===================================================================
--- src/chgrp.c.orig 2012-03-24 19:22:13.000000000 +0100
+++ src/chgrp.c 2012-04-16 13:22:03.004026462 +0200
@@ -88,7 +88,7 @@ parse_group (const char *name)
{
unsigned long int tmp;
if (! (xstrtoul (name, NULL, 10, &tmp, "") == LONGINT_OK
- && tmp <= GID_T_MAX))
+ && tmp <= GID_T_MAX && (gid_t) tmp != (gid_t) -1))
error (EXIT_FAILURE, 0, _("invalid group: %s"), quote (name));
gid = tmp;
}
++++++ coreutils-misc.patch ++++++
Index: gnulib-tests/test-isnanl.h
===================================================================
--- gnulib-tests/test-isnanl.h.orig 2012-01-06 08:20:50.000000000 +0100
+++ gnulib-tests/test-isnanl.h 2012-04-16 13:22:02.969027310 +0200
@@ -47,7 +47,7 @@ main ()
/* Quiet NaN. */
ASSERT (isnanl (NaNl ()));
-#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT
+#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT && 0
/* A bit pattern that is different from a Quiet NaN. With a bit of luck,
it's a Signalling NaN. */
{
@@ -89,6 +89,7 @@ main ()
{ LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) };
ASSERT (isnanl (x.value));
}
+#if 0
/* The isnanl function should recognize Pseudo-NaNs, Pseudo-Infinities,
Pseudo-Zeroes, Unnormalized Numbers, and Pseudo-Denormals, as defined in
Intel IA-64 Architecture Software Developer's Manual, Volume 1:
@@ -122,6 +123,7 @@ main ()
ASSERT (isnanl (x.value));
}
#endif
+#endif
return 0;
}
Index: tests/misc/help-version
===================================================================
--- tests/misc/help-version.orig 2012-03-24 19:22:13.000000000 +0100
+++ tests/misc/help-version 2012-04-16 13:22:02.970027285 +0200
@@ -251,6 +251,7 @@ parted_setup () { args="-s $tmp_in mklab
for i in $built_programs; do
# Skip these.
case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
+ case $i in df) continue;; esac
rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out $bigZ_in $zin $zin2
echo z |gzip > $zin
Index: tests/other-fs-tmpdir
===================================================================
--- tests/other-fs-tmpdir.orig 2012-03-24 19:22:13.000000000 +0100
+++ tests/other-fs-tmpdir 2012-04-16 13:22:02.970027285 +0200
@@ -43,6 +43,9 @@ for d in $CANDIDATE_TMP_DIRS; do
done
+# Autobuild hack
+test -f /bin/uname.bin && other_partition_tmpdir=
+
if test -z "$other_partition_tmpdir"; then
skip_ \
"requires a writable directory on a different disk partition,
++++++ coreutils-ptr_int_casts.patch ++++++
Index: src/join.c
===================================================================
--- src/join.c.orig 2012-04-16 16:54:22.032279169 +0200
+++ src/join.c 2012-04-16 16:54:22.163275636 +0200
@@ -1320,7 +1320,7 @@ main (int argc, char **argv)
case 't':
{
- char *newtab;
+ char *newtab = NULL;
size_t newtablen;
newtab = xstrdup (optarg);
#if HAVE_MBRTOWC
@@ -1342,7 +1342,7 @@ main (int argc, char **argv)
newtablen = 1;
if (! newtab)
{
- newtab = '\n'; /* '' => process the whole line. */
+ newtab = "\n"; /* '' => process the whole line. */
}
else if (optarg[1])
{
++++++ coreutils-race_in_cp.patch ++++++
commit ee9e43460f366406edff96b5abfb3ff33587e062
Author: Jim Meyering
Date: Fri May 4 16:42:31 2012 +0200
cp: handle a race condition more sensibly
* src/copy.c (copy_reg): In a narrow race (stat sees dest, yet
open-without-O_CREAT fails with ENOENT), retry the open with O_CREAT.
* tests/cp/nfs-removal-race: New file.
* tests/Makefile.am (TESTS): Add it.
* NEWS (Bug fixes): Mention it.
Reported by Philipp Thomas and Neil F. Brown in
http://bugs.gnu.org/11100
Index: NEWS
===================================================================
--- NEWS.orig 2012-05-07 14:20:52.079810454 +0200
+++ NEWS 2012-05-07 14:21:35.566738140 +0200
@@ -9,6 +9,14 @@ GNU coreutils NEWS
changed, the new group ID would be listed, even though it is not
yet effective.
+ 'cp S D' is no longer subject to a race: if an existing D were removed
+ between the initial stat and subsequent open-without-O_CREAT, cp would
+ fail with a confusing diagnostic saying that the destination, D, was not
+ found. Now, in this unusual case, it retries the open (but with O_CREAT),
+ and hence usually succeeds. With NFS attribute caching, the condition
+ was particularly easy to trigger, since there, the removal of D could
+ precede the initial stat. [This bug was present in "the beginning".]
+
* Noteworthy changes in release 8.16 (2012-03-26) [stable]
Index: THANKS.in
===================================================================
--- THANKS.in.orig 2012-05-07 14:20:52.079810454 +0200
+++ THANKS.in 2012-05-07 14:20:52.087810257 +0200
@@ -439,7 +439,7 @@ Minh Tran-Le tran
Morten Welinder terra@diku.dk
Nao Nishijima nao.nishijima.xt@hitachi.com
Neal H Walfield neal@cs.uml.edu
-Neil Brown neilb@cse.unsw.edu.au
+Neil F. Brown neilb@suse.de
Nelson H. F. Beebe beebe@math.utah.edu
Nick Estes debian@nickstoys.com
Nick Graham nick.d.graham@gmail.com
@@ -489,6 +489,7 @@ Phil Richards phil
Philippe De Muyter phdm@macqel.be
Philippe Schnoebelen Philippe.Schnoebelen@imag.fr
Phillip Jones mouse@datastacks.com
+Philipp Thomas pth@suse.de
Piergiorgio Sartor sartor@sony.de
Pieter Bowman bowman@math.utah.edu
Piotr Gackiewicz gacek@intertele.pl
Index: src/copy.c
===================================================================
--- src/copy.c.orig 2012-03-24 21:26:51.000000000 +0100
+++ src/copy.c 2012-05-07 14:20:52.087810257 +0200
@@ -889,6 +889,8 @@ copy_reg (char const *src_name, char con
if (*new_dst)
{
+ open_with_O_CREAT:;
+
int open_flags = O_WRONLY | O_CREAT | O_BINARY;
dest_desc = open (dst_name, open_flags | O_EXCL,
dst_mode & ~omitted_permissions);
@@ -939,6 +941,23 @@ copy_reg (char const *src_name, char con
if (dest_desc < 0)
{
+ /* If we've just failed due to ENOENT for an ostensibly preexisting
+ destination (*new_dst was 0), that's a bit of a contradiction/race:
+ the prior stat/lstat said the file existed (*new_dst was 0), yet
+ the subsequent open-existing-file failed with ENOENT. With NFS,
+ the race window is wider still, since its meta-data caching tends
+ to make the stat succeed for a just-removed remote file, while the
+ more-definitive initial open call will fail with ENOENT. When this
+ situation arises, we attempt to open again, but this time with
+ O_CREAT. Do this only when not in move-mode, since when handling
+ a cross-device move, we must never open an existing destination. */
+ if (dest_errno == ENOENT && ! *new_dst && ! x->move_mode)
+ {
+ *new_dst = 1;
+ goto open_with_O_CREAT;
+ }
+
+ /* Otherwise, it's an error. */
error (0, dest_errno, _("cannot create regular file %s"),
quote (dst_name));
return_val = false;
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig 2012-05-07 14:20:52.080810429 +0200
+++ tests/Makefile.am 2012-05-07 14:20:52.087810257 +0200
@@ -347,6 +347,7 @@ TESTS = \
cp/link-no-deref \
cp/link-preserve \
cp/link-symlink \
+ cp/nfs-removal-race \
cp/no-deref-link1 \
cp/no-deref-link2 \
cp/no-deref-link3 \
Index: tests/cp/nfs-removal-race
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ tests/cp/nfs-removal-race 2012-05-07 14:20:52.087810257 +0200
@@ -0,0 +1,70 @@
+#!/bin/sh
+# Running cp S D on an NFS client while another client has just removed D
+# would lead (w/coreutils-8.16 and earlier) to cp's initial stat call
+# seeing (via stale NFS cache) that D exists, so that cp would then call
+# open without the O_CREAT flag. Yet, the open must actually consult
+# the server, which confesses that D has been deleted, thus causing the
+# open call to fail with ENOENT.
+#
+# This test simulates that situation by intercepting stat for a nonexistent
+# destination, D, and making the stat fill in the result struct for another
+# file and return 0.
+#
+# This test is skipped on systems that lack LD_PRELOAD support; that's fine.
+# Similarly, on a system that lacks or __xstat, skipping it is fine.
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ cp
+
+# Replace each stat call with a call to this wrapper.
+cat > k.c <<'EOF' || framework_failure_
+#define _GNU_SOURCE
+#include
+#include
+
+#define __xstat __xstat_orig
+
+#include
+#include
+
+#undef __xstat
+
+int
+__xstat (int ver, const char *path, struct stat *st)
+{
+ static int (*real_stat)(int ver, const char *path, struct stat *st) = NULL;
+ if (!real_stat)
+ real_stat = dlsym (RTLD_NEXT, "__xstat");
+ /* When asked to stat nonexistent "d",
+ return results suggesting it exists. */
+ return real_stat (ver, *path == 'd' && path[1] == 0 ? "d2" : path, st);
+}
+EOF
+
+# Then compile/link it:
+$CC -shared -fPIC -O2 k.c -o k.so \
+ || framework_failure_ 'failed to compile with -shared -fPIC'
+
+touch d2 || framework_failure_
+echo xyz > src || framework_failure_
+
+# Finally, run the test:
+LD_PRELOAD=./k.so cp src d || fail=1
+
+compare src d || fail=1
+Exit $fail
++++++ coreutils-remove_hostname_documentation.patch ++++++
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2012-03-26 07:38:37.000000000 +0200
+++ doc/coreutils.texi 2012-04-16 13:22:12.487797130 +0200
@@ -66,7 +66,6 @@
* groups: (coreutils)groups invocation. Print group names a user is in.
* head: (coreutils)head invocation. Output the first part of files.
* hostid: (coreutils)hostid invocation. Print numeric host identifier.
-* hostname: (coreutils)hostname invocation. Print or set system name.
* id: (coreutils)id invocation. Print user identity.
* install: (coreutils)install invocation. Copy and change attributes.
* join: (coreutils)join invocation. Join lines on a common field.
@@ -198,7 +197,7 @@ Free Documentation License''.
* File name manipulation:: dirname basename pathchk mktemp realpath
* Working context:: pwd stty printenv tty
* User information:: id logname whoami groups users who
-* System context:: date arch nproc uname hostname hostid uptime
+* System context:: date arch nproc uname hostid uptime
* SELinux context:: chcon runcon
* Modified command invocation:: chroot env nice nohup stdbuf su timeout
* Process control:: kill
@@ -416,7 +415,6 @@ System context
* date invocation:: Print or set system date and time
* nproc invocation:: Print the number of processors
* uname invocation:: Print system information
-* hostname invocation:: Print or set system name
* hostid invocation:: Print numeric host identifier
* uptime invocation:: Print system uptime and load
@@ -14135,7 +14133,6 @@ information.
* arch invocation:: Print machine hardware name.
* nproc invocation:: Print the number of processors.
* uname invocation:: Print system information.
-* hostname invocation:: Print or set system name.
* hostid invocation:: Print numeric host identifier.
* uptime invocation:: Print system uptime and load.
@end menu
@@ -14922,15 +14919,6 @@ easily available, as is the case with Li
Print the machine hardware name (sometimes called the hardware class
or hardware type).
-@item -n
-@itemx --nodename
-@opindex -n
-@opindex --nodename
-@cindex hostname
-@cindex node name
-@cindex network node name
-Print the network node hostname.
-
@item -p
@itemx --processor
@opindex -p
@@ -14984,30 +14972,6 @@ Print the kernel version.
@exitstatus
-
-@node hostname invocation
-@section @command{hostname}: Print or set system name
-
-@pindex hostname
-@cindex setting the hostname
-@cindex printing the hostname
-@cindex system name, printing
-@cindex appropriate privileges
-
-With no arguments, @command{hostname} prints the name of the current host
-system. With one argument, it sets the current host name to the
-specified string. You must have appropriate privileges to set the host
-name. Synopsis:
-
-@example
-hostname [@var{name}]
-@end example
-
-The only options are @option{--help} and @option{--version}. @xref{Common
-options}.
-
-@exitstatus
-
@node hostid invocation
@section @command{hostid}: Print numeric host identifier
Index: man/Makefile.am
===================================================================
--- man/Makefile.am.orig 2012-03-26 11:50:41.000000000 +0200
+++ man/Makefile.am 2012-04-16 13:22:02.980027043 +0200
@@ -199,7 +199,7 @@ check-x-vs-1:
@PATH=../src$(PATH_SEPARATOR)$$PATH; export PATH; \
t=$@-t; \
(cd $(srcdir) && ls -1 *.x) | sed 's/\.x$$//' | $(ASSORT) > $$t;\
- (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) \
+ (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) hostid \
| tr -s ' ' '\n' | sed 's/\.1$$//') \
| $(ASSORT) -u | diff - $$t || { rm $$t; exit 1; }; \
rm $$t
Index: man/Makefile.in
===================================================================
--- man/Makefile.in.orig 2012-03-26 11:50:44.000000000 +0200
+++ man/Makefile.in 2012-04-16 13:22:02.980027043 +0200
@@ -2030,7 +2030,7 @@ check-x-vs-1:
@PATH=../src$(PATH_SEPARATOR)$$PATH; export PATH; \
t=$@-t; \
(cd $(srcdir) && ls -1 *.x) | sed 's/\.x$$//' | $(ASSORT) > $$t;\
- (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) \
+ (echo $(dist_man1_MANS) $(NO_INSTALL_PROGS_DEFAULT) hostid \
| tr -s ' ' '\n' | sed 's/\.1$$//') \
| $(ASSORT) -u | diff - $$t || { rm $$t; exit 1; }; \
rm $$t
++++++ coreutils-sysinfo.patch ++++++
Index: src/uname.c
===================================================================
--- src/uname.c.orig 2012-03-24 21:26:51.000000000 +0100
+++ src/uname.c 2012-04-16 13:22:02.996026656 +0200
@@ -337,6 +337,36 @@ main (int argc, char **argv)
# endif
}
#endif
+ if (element == unknown)
+ {
+ struct utsname name;
+ static char processor[sizeof (name.machine)];
+ if (uname (&name) != 0)
+ error (EXIT_FAILURE, errno, _("cannot get system name"));
+ strcpy (processor, name.machine);
+ element = processor;
+#ifdef __linux__
+ if (!strcmp (element, "i686"))
+ {
+ /* Check for Athlon */
+ char line[1024];
+ FILE *f = fopen ("/proc/cpuinfo", "r");
+ if (f)
+ {
+ while (fgets (line, sizeof (line), f) > 0)
+ {
+ if (strncmp (line, "vendor_id", 9) == 0)
+ {
+ if (strstr (line, "AuthenticAMD"))
+ element = "athlon";
+ break;
+ }
+ }
+ fclose (f);
+ }
+ }
+#endif
+ }
if (! (toprint == UINT_MAX && element == unknown))
print_element (element);
}
@@ -362,6 +392,18 @@ main (int argc, char **argv)
element = hardware_platform;
}
#endif
+ if (element == unknown)
+ {
+ struct utsname name;
+ static char hardware_platform[sizeof (name.machine)];
+ if (uname (&name) != 0)
+ error (EXIT_FAILURE, errno, _("cannot get system name"));
+ strcpy (hardware_platform, name.machine);
+ if (hardware_platform[0] == 'i' && hardware_platform[2] == '8'
+ && hardware_platform[3] == '6' && hardware_platform[4] == 0)
+ hardware_platform[1] = '3';
+ element = hardware_platform;
+ }
if (! (toprint == UINT_MAX && element == unknown))
print_element (element);
}
++++++ su.default ++++++
# Per default, only "su -" will set a new PATH.
# If this variable is changed to "yes" (default is "no"),
# every su call will overwrite the PATH variable.
ALWAYS_SET_PATH=no
# Default path.
PATH=/usr/local/bin:/bin:/usr/bin
# Default path for a user invoking su to root.
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
++++++ su.pamd ++++++
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org