diff --git a/backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch b/backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2950a89df35c249f07a4bd64d6886d7f7c76440e
--- /dev/null
+++ b/backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch
@@ -0,0 +1,37 @@
+From 80efeebaf296dc4814e15d67977726b3ee93c048 Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar
+Date: Fri, 31 May 2024 18:30:16 +0200
+Subject: [PATCH] lib/idmapping.c: Use long constants in prctl(2), and remove
+ 0s
+
+The prctl(2) system-call wrapper is implemented as a variadic function.
+This makes it important to pass arguments to it of the right type (and
+more importantly of the right width), to avoid undefined behavior.
+
+While at it, check errors with ==-1, not <0, which is more explicit.
+
+Also, PR_SET_KEEPCAPS(2const) doesn't need all arguments, so it can be
+called with just two of them; remove unnecessary 0s.
+
+See-also: prctl(2), PR_SET_KEEPCAPS(2const)
+Link:
+Cc: Xi Ruoyao
+Cc: Lukas Slebodnik
+Signed-off-by: Alejandro Colomar
+---
+ lib/idmapping.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/idmapping.c b/lib/idmapping.c
+index fe3ccdfe3..5cbb6fefc 100644
+--- a/lib/idmapping.c
++++ b/lib/idmapping.c
+@@ -159,7 +159,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
+
+ /* Align setuid- and fscaps-based new{g,u}idmap behavior. */
+ if (geteuid() == 0 && geteuid() != ruid) {
+- if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
++ if (prctl(PR_SET_KEEPCAPS, 1L) == -1) {
+ fprintf(log_get_logfd(), _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), log_get_progname());
+ exit(EXIT_FAILURE);
+ }
diff --git a/backport-libsubid-Dealocate-memory-on-exit.patch b/backport-libsubid-Dealocate-memory-on-exit.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2217a3fb55c8399caee5c1794dfcb124671861b0
--- /dev/null
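Review bot: The new call `prctl(PR_SET_KEEPCAPS, 1L)` in lib/idmapping.c carries no comment saying why the argument is a `long` literal, so the rationale (prctl(2) is variadic and argument width matters) lives only in the commit message and a later cleanup could turn it back into `1`. I would add `/* prctl(2) is variadic: pass arg2 as long so its full width is defined */` above the call. The failure branch, unchanged here, prints no errno, so the log cannot tell an EINVAL from an EPERM; adding `strerror(errno)` to the message would help triage, at the cost of touching a translated string. write_mapping starts and ends outside the hunk.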
+++ b/backport-libsubid-Dealocate-memory-on-exit.patch
@@ -0,0 +1,20 @@
+From 7949f2f026f0123467cdaad1e1992d5dc905872c Mon Sep 17 00:00:00 2001
+From: Daniel Bershatsky
+Date: Wed, 12 Jun 2024 19:26:45 +0300
+Subject: [PATCH] libsubid: Dealocate memory on exit
+
+---
+ src/getsubids.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/getsubids.c b/src/getsubids.c
+index fb645b194..0753abd7a 100644
+--- a/src/getsubids.c
++++ b/src/getsubids.c
+@@ -44,5 +44,6 @@ int main(int argc, char *argv[])
+ printf("%d: %s %lu %lu\n", i, owner,
+ ranges[i].start, ranges[i].count);
+ }
++ free(ranges);
+ return 0;
+ }
diff --git a/backport-man-lastlog-remove-wrong-use-of-keyword-term.patch b/backport-man-lastlog-remove-wrong-use-of-keyword-term.patch
new file mode 100644
index 0000000000000000000000000000000000000000..275dd2292d26f8c7f0e532f3b0e7c17f3ba28440
--- /dev/null
+++ b/backport-man-lastlog-remove-wrong-use-of-keyword-term.patch
@@ -0,0 +1,30 @@
+From 9f57beb31ade241aeda412a8ada4912bab83bd40 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Wed, 5 Jun 2024 08:02:27 -0500
+Subject: [PATCH] man/lastlog: remove wrong use of keyword term
+
+Per https://tdg.docbook.org/tdg/4.5/term, term is a word being
+defined in a varlistentry. The 'high uid' description is not a
+varlistentry, so and show up in the processed
+manpage. See debian Bug#1072297.
+
+Signed-off-by: Serge Hallyn
+---
+ man/lastlog.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/lastlog.8.xml b/man/lastlog.8.xml
+index 7a4ba967f..6700791c1 100644
+--- a/man/lastlog.8.xml
++++ b/man/lastlog.8.xml
+@@ -211,8 +211,8 @@
+ to hang as it processes entries with UIDs 171-799).
+
+
+- Having high UIDs can create problems when handling the
+- /var/log/lastlog with external tools. Although the
++ Having high UIDs can create problems when handling the
++ /var/log/lastlog with external tools. Although the
+ actual file is sparse and does not use too much space, certain
+ applications are not designed to identify sparse files by default and may
+ require a specific option to handle them.
diff --git a/shadow.spec b/shadow.spec
index daee21aed7af30cda6b0f59982dc948ef0197c52..3aa0070a6e3d0d2156dcc4dea3d71874e057cb40 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.14.3
-Release: 2
+Release: 3
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
@@ -24,6 +24,11 @@ Patch4: backport-src-usermod.c-update_group_file-Fix-RESOURCE_LEAK-CW.patch Patch5: backport-src-usermod.c-update_gshadow_file-Fix-RESOURCE_LEAK-.patch Patch6: backport-src-groupmod.c-delete-gr_free_members-grp-to-avoid-d.patch +Patch7: backport-lib-idmapping.c--Use-long-constants-in-prctl-2.patch +Patch8: backport-libsubid-Dealocate-memory-on-exit.patch +Patch9: backport-man-lastlog-remove-wrong-use-of-keyword-term.patch + + BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds @@ -192,6 +197,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a} %{_mandir}/*/* %changelog +* Thu Sep 26 2024 zhangxingrong - 2:4.14.3-3 +- lib/idmapping.c: Use long constants in prctl(2) +- libsubid: Dealocate memory on exit +- man/lastlog: remove wrong use of keyword term + * Mon Jul 15 2024 wangziliang - 2:4.14.3-2 - backport patches from upstream