From ca389e42e2fb123112edd26879a49e90154622e0 Mon Sep 17 00:00:00 2001
From: z30023234 <zhengxiaoxiao2@huawei.com>
Date: Sun, 4 Feb 2024 20:15:24 +0800
Subject: [PATCH] backport some patches

(cherry picked from commit 76c1b9426d399c8f9a97f46779db76f409c7fbcc)
---
 backport-src-passwd-add-overflow-check.patch  | 32 ++++++++++
 ...src-passwd.c-Switch-to-day-precision.patch | 61 +++++++++++++++++++
 shadow.spec                                   |  7 ++-
 3 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 backport-src-passwd-add-overflow-check.patch
 create mode 100644 backport-src-passwd.c-Switch-to-day-precision.patch

diff --git a/backport-src-passwd-add-overflow-check.patch b/backport-src-passwd-add-overflow-check.patch
new file mode 100644
index 0000000..39ccd9a
--- /dev/null
+++ b/backport-src-passwd-add-overflow-check.patch
@@ -0,0 +1,32 @@
+From 2d188a9987789f019dae2d46c50578a474ab2bdd Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Wed, 20 Dec 2023 20:48:54 +0100
+Subject: [PATCH] src/passwd.c: Add overflow check
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+Link: <https://github.com/shadow-maint/shadow/pull/876>
+Co-developed-by: Alejandro Colomar <alx@kernel.org>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+
+Reference: https://github.com/shadow-maint/shadow/commit/2d188a9987789f019dae2d46c50578a474ab2bdd
+Conflict: NA
+---
+ src/passwd.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/passwd.c b/src/passwd.c
+index a24e62dfd..f494a9257 100644
+--- a/src/passwd.c
++++ b/src/passwd.c
+@@ -387,8 +387,9 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
+ 		long now, ok;
+ 		now = time(NULL) / DAY;
+ 		ok = sp->sp_lstchg;
+-		if (sp->sp_min > 0) {
+-			ok += sp->sp_min;
++		if (   (sp->sp_min > 0)
++		    && __builtin_add_overflow(ok, sp->sp_min, &ok)) {
++			ok = LONG_MAX;
+ 		}
+ 
+ 		if (now < ok) {
diff --git a/backport-src-passwd.c-Switch-to-day-precision.patch b/backport-src-passwd.c-Switch-to-day-precision.patch
new file mode 100644
index 0000000..989192e
--- /dev/null
+++ b/backport-src-passwd.c-Switch-to-day-precision.patch
@@ -0,0 +1,61 @@
+From 3b5ba41d3e9dfc3bf058f0f31529c08201265241 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 14 Dec 2023 11:54:00 +0100
+Subject: [PATCH] src/passwd.c: Switch to day precision
+
+The size of time_t varies across systems, but since data type long is
+more than enough to calculate with days (precision of shadow file),
+use it instead.
+
+Just in case a shadow file contains huge values, check for a possible
+signed integer overflow.
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+Link: <https://github.com/shadow-maint/shadow/pull/876>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+
+Reference: https://github.com/shadow-maint/shadow/commit/3b5ba41d3e9dfc3bf058f0f31529c08201265241
+Conflict: src/chpasswd.c
+---
+ src/passwd.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/passwd.c b/src/passwd.c
+index 336bbc9..d79767a 100644
+--- a/src/passwd.c
++++ b/src/passwd.c
+@@ -390,7 +390,6 @@ static int new_password (const struct passwd *pw)
+  */
+ static void check_password (const struct passwd *pw, const struct spwd *sp)
+ {
+-	time_t now;
+ 	int exp_status;
+ 
+ 	exp_status = isexpired (pw, sp);
+@@ -410,8 +409,6 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
+ 		return;
+ 	}
+ 
+-	(void) time (&now);
+-
+ 	/*
+ 	 * Expired accounts cannot be changed ever. Passwords which are
+ 	 * locked may not be changed. Passwords where min > max may not be
+@@ -434,10 +431,11 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
+ 	 * Passwords may only be changed after sp_min time is up.
+ 	 */
+ 	if (sp->sp_lstchg > 0) {
+-		time_t ok;
+-		ok = (time_t) sp->sp_lstchg * SCALE;
++		long now, ok;
++		now = time(NULL) / DAY;
++		ok = sp->sp_lstchg;
+ 		if (sp->sp_min > 0) {
+-			ok += (time_t) sp->sp_min * SCALE;
++			ok += sp->sp_min;
+ 		}
+ 
+ 		if (now < ok) {
+-- 
+2.33.0
+
diff --git a/shadow.spec b/shadow.spec
index 70f71f2..1c9c0e5 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.9
-Release: 14
+Release: 15
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
@@ -94,6 +94,8 @@ Patch74: backport-newgrp-fix-potential-string-injection.patch
 Patch75: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
 Patch76: backport-shadow-userdel-add-the-adaptation-to-the-busybox-ps-.patch
 Patch77: backport-lib-btrfs-avoid-NULL-dereference.patch
+Patch78: backport-src-passwd.c-Switch-to-day-precision.patch
+Patch79: backport-src-passwd-add-overflow-check.patch 
 
 BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
 BuildRequires: libacl-devel, libattr-devel
@@ -263,6 +265,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_mandir}/*/*
 
 %changelog
+* Sun Feb 4 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2:4.9-15
+- backport some patches
+
 * Thu Nov 9 2023 wangqingsan <wangqingsan@huawei.com> - 2:4.9-14
 - backport some patches
 
-- 
Gitee