Hello community, here is the log from the commit of package coreutils.490 for openSUSE:12.1:Update checked in at 2012-05-15 15:19:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/coreutils.490 (Old) and /work/SRC/openSUSE:12.1:Update/.coreutils.490.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "coreutils.490", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-05-03 01:24:41.895590051 +0200 +++ /work/SRC/openSUSE:12.1:Update/.coreutils.490.new/coreutils.changes 2012-05-15 15:19:04.000000000 +0200 @@ -0,0 +1,1972 @@ +------------------------------------------------------------------- +Fri Apr 27 12:54:33 CEST 2012 - pth@suse.de + +- Make stdbuf binary find libstdbuf.so by looking in the right + path (bnc#741241). + +------------------------------------------------------------------- +Tue Mar 27 02:47:16 CEST 2012 - pth@suse.de + +- Add support for environment variable SU_C_SAME_SESSION + that makes -c behave like -C and document it in + coreutils.info and su(1) (bnc#697897). + +------------------------------------------------------------------- +Mon Oct 17 15:25:21 CEST 2011 - pth@suse.de + +- Add upstream patch that fixes three bugs in tac: + - remove sole use of sprintf in favor of stpcpy + - don't misbehave with multiple non-seekable inputs + - don't leak a file descriptor for each non-seekable input + +------------------------------------------------------------------- +Fri Oct 14 16:51:48 CEST 2011 - pth@suse.de + +- Uniformly use german quotes not french ones in german messages. + +------------------------------------------------------------------- +Thu Oct 13 16:07:16 CEST 2011 - pth@suse.de + +- Update to 8.14. Changes since 8.12: + Bug fixes: + + - ls --dereference no longer outputs erroneous "argetm" strings for + dangling symlinks when an 'ln=target' entry is in $LS_COLORS. + [bug introduced in fileutils-4.0] + + - ls -lL symlink once again properly prints "+" when the referent has + an ACL. [bug introduced in coreutils-8.13] + + - sort -g no longer infloops for certain inputs containing NaNs [bug + introduced in coreutils-8.5] + + - chown and chgrp with the -v --from= options, now output the correct + owner. I.E. for skipped files, the original ownership is output, + not the new one. [bug introduced in sh-utils-2.0g] + + - cp -r could mistakenly change the permissions of an existing + destination directory. [bug introduced in coreutils-6.8] + + - cp -u -p would fail to preserve one hard link for each up-to-date + copy of a src-hard-linked name in the destination tree. I.e., if + s/a and s/b are hard-linked and dst/s/a is up to date, "cp -up s + dst" would copy s/b to dst/s/b rather than simply linking dst/s/b + to dst/s/a. [This bug appears to have been present in "the + beginning".] + + - fts-using tools (rm, du, chmod, chgrp, chown, chcon) no longer use + memory proportional to the number of entries in each directory they + process. Before, rm -rf 4-million-entry-directory would consume + about 1GiB of memory. Now, it uses less than 30MB, no matter how + many entries there are. [this bug was inherent in the use of fts: + thus, for rm the bug was introduced in coreutils-8.0. The prior + implementation of rm did not use as much memory. du, chmod, chgrp + and chown started using fts in 6.0. chcon was added in + coreutils-6.9.91 with fts support. ] + + - pr -T no longer ignores a specified LAST_PAGE to stop at. [bug + introduced in textutils-1.19q] + + - printf '%d' '"' no longer accesses out-of-bounds memory in the + diagnostic. [bug introduced in sh-utils-1.16] + + - split --number l/... no longer creates extraneous files in certain + cases. [bug introduced in coreutils-8.8] + + - timeout now sends signals to commands that create their own process + group. timeout is no longer confused when starting off with a + child process. [bugs introduced in coreutils-7.0] + + - unexpand -a now aligns correctly when there are spaces spanning a + tabstop, followed by a tab. In that case a space was dropped, + causing misalignment. We also now ensure that a space never + precedes a tab. [bug introduced in coreutils-5.3.0] + + New features: + + - date now accepts ISO 8601 date-time strings with "T" as the + separator. It has long parsed dates like "2004-02-29 16:21:42" + with a space between the date and time strings. Now it also parses + "2004-02-29T16:21:42" and fractional-second and time-zone-annotated + variants like "2004-02-29T16:21:42.333-07:00" + - md5sum accepts the new --strict option. With --check, it makes the + tool exit non-zero for any invalid input line, rather than just warning. + This also affects sha1sum, sha224sum, sha384sum and sha512sum. + + - split accepts a new --filter=CMD option. With it, split filters + output through CMD. CMD may use the $FILE environment variable, + which is set to the nominal output file name for each invocation of + CMD. For example, to split a file into 3 approximately equal + parts, which are then compressed: + + split -n3 --filter='xz > $FILE.xz' big + + Note the use of single quotes, not double quotes. That creates + files named xaa.xz, xab.xz and xac.xz. + + - timeout accepts a new --foreground option, to support commands not + started directly from a shell prompt, where the command is + interactive or needs to receive signals initiated from the + terminal. + + Improvements: + + - md5sum --check now supports the -r format from the corresponding + BSD tool. This also affects sha1sum, sha224sum, sha384sum and + sha512sum. + + - pwd now works also on systems without openat. On such systems, pwd + would fail when run from a directory whose absolute name contained + more than PATH_MAX / 3 components. The df, stat and readlink + programs are also affected due to their use of the canonicalize_* + functions. + + - join --check-order now prints "join: FILE:LINE_NUMBER: bad_line" + for an unsorted input, rather than e.g., "join: file 1 is not in + sorted order". + + - shuf outputs small subsets of large permutations much more + efficiently. For example `shuf -i1-$((2**32-1)) -n2` no longer + exhausts memory. + + - stat -f now recognizes the GPFS, MQUEUE and PSTOREFS file system + types. + + - timeout now supports sub-second timeouts. + + Changes in behavior: + + - chmod, chown and chgrp now output the original attributes in + messages, when -v or -c specified. + + - cp -au (where --preserve=links is implicit) may now replace newer + files in the destination, to mirror hard links from the source. + +------------------------------------------------------------------- +Sat Sep 17 23:29:33 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Tue Aug 2 00:26:05 UTC 2011 - lchiquitto@suse.com + +- file-has-acl: use acl_extended_file_nofollow if available to + avoid triggering unwanted AutoFS mounts (bnc#701659). + +------------------------------------------------------------------- +Tue May 3 16:42:41 CEST 2011 - pth@suse.de + +- Remove services. + +------------------------------------------------------------------- +Tue May 3 14:28:01 CEST 2011 - ro@suse.de + +- delete coreutils-testsuite.spec + +------------------------------------------------------------------- +Thu Apr 28 15:35:59 CEST 2011 - pth@suse.de + +- Update to 8.12: + * Bug fixes + + tail's --follow=name option no longer implies --retry on systems + with inotify support. [bug introduced in coreutils-7.5] + + * Changes in behavior + + cp's extent-based (FIEMAP) copying code is more reliable in the face + of varying and undocumented file system semantics: + - it no longer treats unwritten extents specially + - a FIEMAP-based extent copy always uses the FIEMAP_FLAG_SYNC flag. + Before, it would incur the performance penalty of that sync only + for 2.6.38 and older kernels. We thought all problems would be + resolved for 2.6.39. + - it now attempts a FIEMAP copy only on a file that appears sparse. + Sparse files are relatively unusual, and the copying code incurs + the performance penalty of the now-mandatory sync only for them. +- Add complete german meesage catalogue. + +------------------------------------------------------------------- +Thu Apr 14 14:46:41 CEST 2011 - pth@suse.de + +- Update to 8.11: + + * Bug fixes + + cp -a --link would not create a hardlink to a symlink, instead + copying the symlink and then not preserving its timestamp. ++++ 1775 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.coreutils.490.new/coreutils.changes New: ---- baselibs.conf coreutils-8.14.de.po.xz coreutils-8.14.tar.xz coreutils-8.6-compile-su-with-fpie.diff coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff coreutils-8.6-i18n.patch coreutils-8.6-log-all-su-attempts.diff coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff coreutils-8.6-pam-support-for-su.diff coreutils-8.6-set-sane-default-path.diff coreutils-8.6-update-man-page-for-pam.diff coreutils-8.9-singlethreaded-sort.patch coreutils-acl-nofollow.patch coreutils-bnc#697897-setsid.patch coreutils-fix_tac.patch coreutils-getaddrinfo.patch coreutils-gl_printf_safe.patch coreutils-i18n-infloop.patch coreutils-i18n-uninit.patch coreutils-invalid-ids.patch coreutils-misc.patch coreutils-ptr_int_casts.patch coreutils-remove_hostname_documentation.patch coreutils-sysinfo.patch coreutils.changes coreutils.spec su.default su.pamd ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ coreutils.spec ++++++ # # spec file for package coreutils # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: coreutils Summary: GNU Core Utilities License: GFDL-1.2 ; GPL-2.0+ ; GPL-3.0+ Group: System/Base BuildRequires: help2man BuildRequires: libacl-devel BuildRequires: libcap-devel BuildRequires: libselinux-devel BuildRequires: pam-devel BuildRequires: xz Url: http://www.gnu.org/software/coreutils/ Version: 8.14 Release: 0 Provides: fileutils = %{version} Provides: mktemp = %{version} Provides: sh-utils = %{version} Provides: stat = %version} Provides: textutils = %{version} Obsoletes: fileutils < %{version} Obsoletes: libselinux <= 1.23.11-3 Obsoletes: libselinux-32bit = 9 Obsoletes: libselinux-64bit = 9 Obsoletes: libselinux-x86 = 9 Obsoletes: mktemp < %{version} Obsoletes: sh-utils < %{version} Obsoletes: stat < %version} Obsoletes: textutils < %{version} PreReq: %{install_info_prereq} Recommends: %{name}-lang = %version Requires: pam >= 1.1.1.90 Source: coreutils-%{version}.tar.xz Source1: su.pamd Source2: su.default Source3: baselibs.conf Source4: coreutils-8.14.de.po.xz Patch0: coreutils-misc.patch Patch1: coreutils-remove_hostname_documentation.patch Patch2: coreutils-gl_printf_safe.patch Patch4: coreutils-8.6-i18n.patch Patch5: coreutils-i18n-uninit.patch Patch6: coreutils-i18n-infloop.patch Patch8: coreutils-sysinfo.patch Patch16: coreutils-invalid-ids.patch Patch20: coreutils-8.6-pam-support-for-su.diff Patch21: coreutils-8.6-update-man-page-for-pam.diff Patch22: coreutils-8.6-log-all-su-attempts.diff Patch23: coreutils-8.6-set-sane-default-path.diff Patch24: coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff Patch25: coreutils-8.6-make-sure-sbin-resp-usr-sbin-are-in-PATH.diff # Patch30: coreutils-8.6-compile-su-with-fpie.diff Patch31: coreutils-getaddrinfo.patch Patch32: coreutils-ptr_int_casts.patch Patch33: coreutils-8.9-singlethreaded-sort.patch Patch34: coreutils-bnc#697897-setsid.patch Patch35: coreutils-acl-nofollow.patch Patch36: coreutils-fix_tac.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # this will create a cycle, broken up randomly - coreutils is just too core to have other # prerequires #PreReq: permissions %description Basic file, shell, and text manipulation utilities. The package contains the following programs: [ arch base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd df dir dircolors dirname du echo env expand expr factor false fmt fold groups head id install join kill link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac tail tee test timeout touch tr true tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes %lang_package %prep %setup -q %patch4 %patch5 %patch6 %patch0 %patch1 %patch2 %patch8 %patch16 %patch20 %patch21 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 # %patch30 -p1 %patch31 %patch32 %patch33 %patch34 %patch35 %patch36 xz -dc %{S:4} >po/de.po %build AUTOPOINT=true autoreconf -fi export CFLAGS="%optflags -Wall" %configure --libexecdir=%{_libdir} \ --without-included-regex \ --enable-install-program=arch,su \ gl_cv_func_printf_directive_n=yes \ gl_cv_func_isnanl_works=yes \ DEFAULT_POSIX2_VERSION=199209 make -C po update-po make %{?_smp_mflags} V=1 %install %makeinstall pkglibexecdir=%{_libdir}/%{name} test -f %{buildroot}%{_bindir}/su || \ install src/su %{buildroot}%{_bindir}/su install -d %{buildroot}/bin for i in arch basename cat chgrp chmod chown cp date dd df echo false kill ln ls mkdir mknod mktemp mv pwd rm rmdir sleep sort stat stty su sync touch true uname readlink md5sum do mv %{buildroot}%{_bindir}/$i %{buildroot}/bin/$i test $i = su && echo -n '%%attr(4755,root,root) ' echo /bin/$i done > bin.files ln -sf ../../bin/{basename,sort,stat,touch,readlink,md5sum} %{buildroot}%{_bindir} install -d -m 755 %{buildroot}/etc/pam.d install -m 644 %{S:1} %{buildroot}/etc/pam.d/su install -m 644 %{S:1} %{buildroot}/etc/pam.d/su-l install -d -m 755 %{buildroot}/etc/default install -m 644 %{S:2} %{buildroot}/etc/default/su echo '.so man1/test.1' > %{buildroot}/%{_mandir}/man1/\[.1 %find_lang %name %post %install_info --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz # may fail if permissions is not there, but there is no way around that %set_permissions %{_bindir}/su %postun %install_info_delete --info-dir=%{_infodir} %{_infodir}/coreutils.info.gz %verifyscript %verify_permissions -e /bin/su %files -f bin.files %defattr(-,root,root) %doc README NEWS %config %{_sysconfdir}/pam.d/su %config %{_sysconfdir}/pam.d/su-l %config(noreplace) %{_sysconfdir}/default/su %{_bindir}/* %{_libdir}/%{name} %doc %{_infodir}/coreutils.info*.gz %doc %{_mandir}/man1/*.1.gz %dir %{_prefix}/share/locale/*/LC_TIME %files lang -f %name.lang %defattr(-,root,root) %changelog ++++++ baselibs.conf ++++++ targettype x86 package coreutils +^/bin/uname$ prereq -glibc-x86 ++++++ coreutils-8.6-compile-su-with-fpie.diff ++++++
From d1a49cccf99373293a88f5bce74857d5bb813e46 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk
Date: Tue, 17 Aug 2010 09:21:22 +0200 Subject: [PATCH 7/7] compile su with -fpie
--- lib/Makefile.am | 2 +- src/Makefile.am | 5 +++++ 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index b4a591b..059928e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ include gnulib.mk -AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CFLAGS += $(GNULIB_WARN_CFLAGS) $(WERROR_CFLAGS) -fpie libcoreutils_a_SOURCES += \ buffer-lcm.c buffer-lcm.h diff --git a/src/Makefile.am b/src/Makefile.am index 484f6c2..17600af 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -355,6 +355,11 @@ uptime_LDADD += $(GETLOADAVG_LIBS) su_SOURCES = su.c getdef.c su_LDADD += $(LIB_CRYPT) $(PAM_LIBS) +su_CFLAGS = -fpie +su_LDFLAGS = -pie +timeout_CFLAGS = -fpie +timeout_LDFLAGS = -pie + # for various ACL functions copy_LDADD += $(LIB_ACL) ls_LDADD += $(LIB_ACL) -- 1.7.1 ++++++ coreutils-8.6-honor-settings-in-etc-default-su-resp-etc-login.defs.diff ++++++
From d776b1b67eb1bc1b815426fdf22f38b25ef1e2df Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Mon, 9 Aug 2010 16:03:12 +0200 Subject: [PATCH 5/7] honor settings in /etc/default/su resp /etc/login.defs
---
src/Makefile.am | 1 +
src/getdef.c | 259 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/getdef.h | 29 ++++++
src/su.c | 13 +++-
4 files changed, 300 insertions(+), 2 deletions(-)
create mode 100644 src/getdef.c
create mode 100644 src/getdef.h
diff --git a/src/Makefile.am b/src/Makefile.am
index bc27274..484f6c2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -352,6 +352,7 @@ factor_LDADD += $(LIB_GMP)
uptime_LDADD += $(GETLOADAVG_LIBS)
# for crypt and pam
+su_SOURCES = su.c getdef.c
su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
diff --git a/src/getdef.c b/src/getdef.c
new file mode 100644
index 0000000..e1872cf
--- /dev/null
+++ b/src/getdef.c
@@ -0,0 +1,259 @@
+/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk
From f2ea0c33d8c25ee40e7fe7a16d0994c8069bc120 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Tue, 17 Aug 2010 13:22:01 +0200 Subject: [PATCH 3/7] log all su attempts
---
src/su.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/su.c b/src/su.c
index 1d3d007..2a9e423 100644
--- a/src/su.c
+++ b/src/su.c
@@ -75,6 +75,9 @@
#if HAVE_SYSLOG_H && HAVE_SYSLOG
# include
From b43728c1f0c7abe90e73369542564d3ad4704963 Mon Sep 17 00:00:00 2001 From: Werner Fink
Date: Tue, 17 Aug 2010 09:09:55 +0200 Subject: [PATCH 6/7] make sure /sbin resp /usr/sbin are in PATH
--- src/su.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 127 insertions(+), 0 deletions(-) diff --git a/src/su.c b/src/su.c index eaef195..d78f968 100644 --- a/src/su.c +++ b/src/su.c @@ -455,6 +455,117 @@ correct_password (const struct passwd *pw) #endif /* !USE_PAM */ } +/* Add or clear /sbin and /usr/sbin for the su command + used without `-'. */ + +/* Set if /sbin is found in path. */ +#define SBIN_MASK 0x01 +/* Set if /usr/sbin is found in path. */ +#define USBIN_MASK 0x02 + +static char * +addsbin (const char *const path) +{ + unsigned char smask = 0; + char *ptr, *tmp, *cur, *ret = NULL; + size_t len; + + if (!path || *path == 0) + return NULL; + + tmp = xstrdup (path); + cur = tmp; + for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":")) + { + if (!strcmp (ptr, "/sbin")) + smask |= SBIN_MASK; + if (!strcmp (ptr, "/usr/sbin")) + smask |= USBIN_MASK; + } + + if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK)) + { + free (tmp); + return NULL; + } + + len = strlen (path); + if (!(smask & USBIN_MASK)) + len += strlen ("/usr/sbin:"); + + if (!(smask & SBIN_MASK)) + len += strlen (":/sbin"); + + ret = xmalloc (len + 1); + strcpy (tmp, path); + + *ret = 0; + cur = tmp; + for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":")) + { + if (!strcmp (ptr, ".")) + continue; + if (*ret) + strcat (ret, ":"); + if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin")) + { + strcat (ret, "/usr/sbin:"); + strcat (ret, ptr); + smask |= USBIN_MASK; + continue; + } + if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin")) + { + strcat (ret, ptr); + strcat (ret, ":/sbin"); + smask |= SBIN_MASK; + continue; + } + strcat (ret, ptr); + } + free (tmp); + + if (!(smask & USBIN_MASK)) + strcat (ret, ":/usr/sbin"); + + if (!(smask & SBIN_MASK)) + strcat (ret, ":/sbin"); + + return ret; +} + +static char * +clearsbin (const char *const path) +{ + char *ptr, *tmp, *cur, *ret = NULL; + + if (!path || *path == 0) + return NULL; + + tmp = strdup (path); + if (!tmp) + return NULL; + + ret = xmalloc (strlen (path) + 1); + *ret = 0; + cur = tmp; + for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":")) + { + if (!strcmp (ptr, "/sbin")) + continue; + if (!strcmp (ptr, "/usr/sbin")) + continue; + if (!strcmp (ptr, "/usr/local/sbin")) + continue; + if (*ret) + strcat (ret, ":"); + strcat (ret, ptr); + } + free (tmp); + + return ret; +} + /* Update `environ' for the new shell based on PW, with SHELL being the value for the SHELL environment variable. */ @@ -494,6 +605,22 @@ modify_environment (const struct passwd *pw, const char *shell) DEFAULT_LOGIN_PATH) : getdef_str ("SUPATH", DEFAULT_ROOT_LOGIN_PATH))); + else + { + char const *path = getenv ("PATH"); + char *new = NULL; + + if (pw->pw_uid) + new = clearsbin (path); + else + new = addsbin (path); + + if (new) + { + xsetenv ("PATH", new); + free (new); + } + } if (pw->pw_uid) { xsetenv ("USER", pw->pw_name); -- 1.7.1 ++++++ coreutils-8.6-pam-support-for-su.diff ++++++
From 8b1e75c55ea6be5c8639c98b73ecfa0cf15226ce Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Tue, 17 Aug 2010 13:21:44 +0200 Subject: [PATCH 1/7] pam support for su
---
configure.ac | 14 +++
src/Makefile.am | 4 +-
src/su.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 278 insertions(+), 6 deletions(-)
Index: configure.ac
===================================================================
--- configure.ac.orig 2011-01-03 13:27:37.268088087 +0100
+++ configure.ac 2011-01-03 13:28:05.256895209 +0100
@@ -134,6 +134,20 @@ fi
AC_FUNC_FORK
+AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
+ [Enable PAM support in su (default=auto)]), , [enable_pam=yes])
+if test "x$enable_pam" != xno; then
+ AC_CHECK_LIB([pam], [pam_start], [enable_pam=yes], [enable_pam=no])
+ AC_CHECK_LIB([pam_misc], [misc_conv], [:], [enable_pam=no])
+ if test "x$enable_pam" != xno; then
+ AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
+ PAM_LIBS="-lpam -lpam_misc"
+ AC_SUBST(PAM_LIBS)
+ fi
+fi
+AC_MSG_CHECKING([whether to enable PAM support in su])
+AC_MSG_RESULT([$enable_pam])
+
optional_bin_progs=
AC_CHECK_FUNCS([chroot],
gl_ADD_PROG([optional_bin_progs], [chroot]))
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig 2011-01-03 13:27:37.268088087 +0100
+++ src/Makefile.am 2011-01-03 13:28:16.038206110 +0100
@@ -351,8 +351,8 @@ factor_LDADD += $(LIB_GMP)
# for getloadavg
uptime_LDADD += $(GETLOADAVG_LIBS)
-# for crypt
-su_LDADD += $(LIB_CRYPT)
+# for crypt and pam
+su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
copy_LDADD += $(LIB_ACL)
Index: src/su.c
===================================================================
--- src/su.c.orig 2011-01-03 13:27:37.268088087 +0100
+++ src/su.c 2011-01-03 13:28:16.177210120 +0100
@@ -37,6 +37,16 @@
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
+#ifdef USE_PAM
+
+ Actually, with PAM, su has nothing to do with whether or not a
+ wheel group is enforced by su. RMS tries to restrict your access
+ to a su which implements the wheel group, but PAM considers that
+ to be fascist, and gives the user/sysadmin the opportunity to
+ enforce a wheel group by proper editing of /etc/pam.d/su
+
+#endif
+
Compile-time options:
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
@@ -52,6 +62,13 @@
#include
From 3c13edc2b9aeab8f24e60a62ab5e8a8db554486f Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Mon, 9 Aug 2010 16:02:30 +0200 Subject: [PATCH 4/7] set sane default path
--- src/su.c | 12 ++---------- 1 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/su.c b/src/su.c index 2a9e423..0071622 100644 --- a/src/su.c +++ b/src/su.c @@ -112,18 +112,10 @@ #endif /* The default PATH for simulated logins to non-superuser accounts. */ -#ifdef _PATH_DEFPATH -# define DEFAULT_LOGIN_PATH _PATH_DEFPATH -#else -# define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin" -#endif +#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin" /* The default PATH for simulated logins to superuser accounts. */ -#ifdef _PATH_DEFPATH_ROOT -# define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT -#else -# define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc" -#endif +#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin" /* The shell to run if none is given in the user's passwd entry. */ #define DEFAULT_SHELL "/bin/sh" -- 1.7.1 ++++++ coreutils-8.6-update-man-page-for-pam.diff ++++++
From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Tue, 17 Aug 2010 08:59:35 +0200 Subject: [PATCH 2/7] update man page for pam
---
doc/coreutils.texi | 34 +++++-----------------------------
1 files changed, 5 insertions(+), 29 deletions(-)
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig 2011-01-05 14:27:40.715232991 +0100
+++ doc/coreutils.texi 2011-01-05 14:27:41.929267939 +0100
@@ -15290,8 +15290,11 @@ to certain shells, etc.).
@findex syslog
@command{su} can optionally be compiled to use @code{syslog} to report
failed, and optionally successful, @command{su} attempts. (If the system
-supports @code{syslog}.) However, GNU @command{su} does not check if the
-user is a member of the @code{wheel} group; see below.
+supports @code{syslog}.)
+
+This version of @command{su} has support for using PAM for
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
+to customize its behaviour.
The program accepts the following options. Also see @ref{Common options}.
@@ -15372,33 +15375,6 @@ Exit status:
the exit status of the subshell otherwise
@end display
-@cindex wheel group, not supported
-@cindex group wheel, not supported
-@cindex fascism
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
-
-(This section is by Richard Stallman.)
-
-@cindex Twenex
-@cindex MIT AI lab
-Sometimes a few of the users try to hold total power over all the
-rest. For example, in 1984, a few users at the MIT AI lab decided to
-seize power by changing the operator password on the Twenex system and
-keeping it secret from everyone else. (I was able to thwart this coup
-and give power back to the users by patching the kernel, but I
-wouldn't know how to do that in Unix.)
-
-However, occasionally the rulers do tell someone. Under the usual
-@command{su} mechanism, once someone learns the root password who
-sympathizes with the ordinary users, he or she can tell the rest. The
-``wheel group'' feature would make this impossible, and thus cement the
-power of the rulers.
-
-I'm on the side of the masses, not that of the rulers. If you are
-used to supporting the bosses and sysadmins in whatever they do, you
-might find this idea strange at first.
-
-
@node timeout invocation
@section @command{timeout}: Run a command with a time limit
++++++ coreutils-8.9-singlethreaded-sort.patch ++++++
Index: src/sort.c
===================================================================
--- src/sort.c.orig
+++ src/sort.c
@@ -5263,8 +5263,8 @@ main (int argc, char **argv)
{
if (!nthreads)
{
- unsigned long int np = num_processors (NPROC_CURRENT_OVERRIDABLE);
- nthreads = MIN (np, DEFAULT_MAX_THREADS);
+ //unsigned long int np = num_processors (NPROC_CURRENT_OVERRIDABLE);
+ nthreads = 1; //MIN (np, DEFAULT_MAX_THREADS);
}
/* Avoid integer overflow later. */
++++++ coreutils-acl-nofollow.patch ++++++
commit 95f7c57ff4090a5dee062044d2c7b99879077808
Author: Kamil Dudka
From cdd328f232a93fb40aec25d0681ef191eaeba2da Mon Sep 17 00:00:00 2001 From: Jim Meyering
Date: Sun, 16 Oct 2011 10:35:56 +0200 Subject: [PATCH 1/3] maint: tac: remove sole use of sprintf in favor of stpcpy
* src/tac.c (copy_to_temp): Use stpcpy rather than sprintf.
Move some declarations "down" to point of initialization.
---
src/tac.c | 17 +++++++----------
1 files changed, 7 insertions(+), 10 deletions(-)
Index: src/tac.c
===================================================================
--- src/tac.c.orig 2011-02-19 18:17:03.000000000 +0100
+++ src/tac.c 2011-10-17 15:46:27.879485098 +0200
@@ -426,20 +426,17 @@ copy_to_temp (FILE **g_tmp, char **g_tem
{
static char *template = NULL;
static char const *tempdir;
- char *tempfile;
- FILE *tmp;
- int fd;
if (template == NULL)
{
- char const * const Template = "%s/tacXXXXXX";
+ char const * const Template = "tacXXXXXX";
tempdir = getenv ("TMPDIR");
if (tempdir == NULL)
tempdir = DEFAULT_TMPDIR;
- /* Subtract 2 for `%s' and add 1 for the trailing NUL byte. */
- template = xmalloc (strlen (tempdir) + strlen (Template) - 2 + 1);
- sprintf (template, Template, tempdir);
+ /* Add 1 for the slash and one for the trailing NUL byte. */
+ template = xmalloc (strlen (tempdir) + strlen (Template) + 1 + 1);
+ stpcpy (stpcpy (stpcpy (template, tempdir), "/"), Template);
}
/* FIXME: there's a small window between a successful mkstemp call
@@ -451,21 +448,23 @@ copy_to_temp (FILE **g_tmp, char **g_tem
FIXME: clean up upon fatal signal. Don't block them, in case
$TMPFILE is a remote file system. */
- tempfile = template;
- fd = mkstemp (template);
+ char *tempfile = xstrdup (template);
+ int fd = mkstemp (tempfile);
if (fd < 0)
{
error (0, errno, _("cannot create temporary file in %s"),
quote (tempdir));
+ free (tempfile);
return false;
}
- tmp = fdopen (fd, (O_BINARY ? "w+b" : "w+"));
+ FILE *tmp = fdopen (fd, (O_BINARY ? "w+b" : "w+"));
if (! tmp)
{
error (0, errno, _("cannot open %s for writing"), quote (tempfile));
close (fd);
unlink (tempfile);
+ free (tempfile);
return false;
}
@@ -501,6 +500,7 @@ copy_to_temp (FILE **g_tmp, char **g_tem
Fail:
fclose (tmp);
+ free (tempfile);
return false;
}
@@ -512,8 +512,14 @@ tac_nonseekable (int input_fd, const cha
{
FILE *tmp_stream;
char *tmp_file;
- return (copy_to_temp (&tmp_stream, &tmp_file, input_fd, file)
- && tac_seekable (fileno (tmp_stream), tmp_file));
+
+ if (!copy_to_temp (&tmp_stream, &tmp_file, input_fd, file))
+ return false;
+
+ bool ok = tac_seekable (fileno (tmp_stream), tmp_file);
+ fclose (tmp_stream);
+ free (tmp_file);
+ return ok;
}
/* Print FILE in reverse, copying it to a temporary
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig 2011-10-17 15:40:44.533154336 +0200
+++ tests/Makefile.am 2011-10-17 15:40:44.882149592 +0200
@@ -270,6 +270,7 @@ TESTS = \
misc/sum-sysv \
misc/tac \
misc/tac-continue \
+ misc/tac-2-nonseekable \
misc/tail \
misc/tee \
misc/tee-dash \
Index: tests/misc/tac-2-nonseekable
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ tests/misc/tac-2-nonseekable 2011-10-17 15:40:44.883149578 +0200
@@ -0,0 +1,27 @@
+#!/bin/sh
+# ensure that tac works with two or more non-seekable inputs
+
+# Copyright (C) 2011 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ tac
+
+echo x | tac - - > out 2> err || fail=1
+echo x > exp || fail=1
+compare out exp || fail=1
+compare err /dev/null || fail=1
+
+Exit $fail
++++++ coreutils-getaddrinfo.patch ++++++
Index: gnulib-tests/test-getaddrinfo.c
===================================================================
--- gnulib-tests/test-getaddrinfo.c.orig 2010-03-13 16:21:08.000000000 +0100
+++ gnulib-tests/test-getaddrinfo.c 2010-05-05 14:51:40.343025353 +0200
@@ -88,11 +88,7 @@ simple (char const *host, char const *se
the test merely because someone is down the country on their
in-law's farm. */
if (res == EAI_AGAIN)
- {
- skip++;
- fprintf (stderr, "skipping getaddrinfo test: no network?\n");
- return 77;
- }
+ return 0;
/* IRIX reports EAI_NONAME for "https". Don't fail the test
merely because of this. */
if (res == EAI_NONAME)
++++++ coreutils-gl_printf_safe.patch ++++++
Index: configure
===================================================================
--- configure.orig 2011-10-12 11:45:49.000000000 +0200
+++ configure 2011-10-13 16:01:35.584691275 +0200
@@ -3641,7 +3641,6 @@ as_fn_append ac_func_list " alarm"
as_fn_append ac_header_list " sys/statvfs.h"
as_fn_append ac_header_list " sys/select.h"
as_fn_append ac_func_list " nl_langinfo"
-gl_printf_safe=yes
as_fn_append ac_header_list " priv.h"
as_fn_append ac_header_list " pthread.h"
as_fn_append ac_header_list " utmp.h"
Index: m4/gnulib-comp.m4
===================================================================
--- m4/gnulib-comp.m4.orig 2011-10-09 19:02:39.000000000 +0200
+++ m4/gnulib-comp.m4 2011-10-13 16:02:07.582261432 +0200
@@ -1417,7 +1417,6 @@ gl_POSIXTM
gl_POSIXVER
gl_FUNC_PRINTF_FREXP
gl_FUNC_PRINTF_FREXPL
-m4_divert_text([INIT_PREPARE], [gl_printf_safe=yes])
gl_PRIV_SET
AC_CHECK_DECLS([program_invocation_name], [], [], [#include