granicus.if.org Git - shadow/log
shadow
Serge Hallyn [Fri, 16 Jun 2017 03:41:25 +0000 (22:41 -0500)]
Merge pull request #74 from AdamMajer/upstream

support dynamically added users via pam_group

Serge Hallyn [Fri, 16 Jun 2017 03:38:01 +0000 (22:38 -0500)]
Merge pull request #76 from edmorley/fix-changelog-dates

Correct wrong year in ChangeLog dates

Ed Morley [Thu, 15 Jun 2017 13:34:46 +0000 (14:34 +0100)]
Correct wrong year in ChangeLog dates

The recently added entries were actually for 2017.

Adam Majer [Mon, 22 May 2017 11:42:35 +0000 (13:42 +0200)]
support dynamically added users via pam_group

Dynamically added users via pam_group are not listed in groups
databases but are still valid.

(tag: 4.5)
Serge Hallyn [Wed, 17 May 2017 19:33:02 +0000 (14:33 -0500)]
release 4.5

Serge Hallyn [Wed, 17 May 2017 19:27:48 +0000 (14:27 -0500)]
update Changelog

Serge Hallyn [Sun, 14 May 2017 16:41:40 +0000 (11:41 -0500)]
Merge pull request #72 from stoeckmann/su-regression

Reset pid_child only if waitpid was successful.

Tobias Stoeckmann [Sun, 14 May 2017 15:58:10 +0000 (17:58 +0200)]
Reset pid_child only if waitpid was successful.

Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.

This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.

Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Serge Hallyn [Wed, 19 Apr 2017 22:11:32 +0000 (17:11 -0500)]
Merge pull request #71 from lamby/sp_lstchg-reproducible-857803

Make the sp_lstchg shadow field reproducible.

Chris Lamb [Wed, 15 Mar 2017 10:36:21 +0000 (10:36 +0000)]
Make the sp_lstchg shadow field reproducible.

The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

    username:17238:0:99999:7:::

whilst creating the same user tomorrow will result in:

    username:17239:0:99999:7:::

This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements of the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.

 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Chris Lamb <lamby@debian.org>
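
An added example, not code from this commit or from shadow: one way to derive sp_lstchg from SOURCE_DATE_EPOCH when it holds a valid value and from the clock otherwise. The names effective_time and sp_lstchg_days are hypothetical, and falling back to the clock for a value in the future is an assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define SECS_PER_DAY 86400L

/* Hypothetical helper: choose the timestamp used for sp_lstchg.
 * sde is the raw SOURCE_DATE_EPOCH string (NULL if unset),
 * now is the real clock value. */
time_t effective_time(const char *sde, time_t now)
{
    char *end = NULL;
    unsigned long long epoch;

    /* strtoull() accepts leading whitespace and a sign; reject those
     * (and unset or empty values) by requiring a leading digit. */
    if (sde == NULL || sde[0] < '0' || sde[0] > '9')
        return now;
    errno = 0;
    epoch = strtoull(sde, &end, 10);
    if (errno != 0 || *end != '\0')
        return now;               /* out of range or trailing garbage */
    if (now < 0 || epoch > (unsigned long long)now)
        return now;               /* assumption: never stamp a future date */
    return (time_t)epoch;
}

/* Days since Jan 1, 1970, as stored in the third /etc/shadow field. */
long sp_lstchg_days(const char *sde, time_t now)
{
    return (long)(effective_time(sde, now) / SECS_PER_DAY);
}

int main(void)
{
    /* With SOURCE_DATE_EPOCH=1489363200 this prints 17238 on any day. */
    printf("%ld\n", sp_lstchg_days(getenv("SOURCE_DATE_EPOCH"), time(NULL)));
    return 0;
}
```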
Serge Hallyn [Sat, 1 Apr 2017 20:46:05 +0000 (15:46 -0500)]
Merge pull request #70 from t8m/master

Fix buffer overflow if NULL line is present in db.

Tomas Mraz [Fri, 31 Mar 2017 14:25:06 +0000 (16:25 +0200)]
Fix buffer overflow if NULL line is present in db.

If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
Serge Hallyn [Mon, 27 Mar 2017 13:24:40 +0000 (08:24 -0500)]
Merge pull request #68 from yurayko/master

updated russian translation

Serge Hallyn [Thu, 23 Mar 2017 22:07:46 +0000 (17:07 -0500)]
user_busy: fix missing close of subuid file on error

Closes #69

Reported-by: plenkow
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Yuri Kozlov [Sat, 18 Mar 2017 07:42:12 +0000 (10:42 +0300)]
Merge branch 'master' of https://github.com/yurayko/shadow

Yuri Kozlov [Sun, 5 Mar 2017 08:17:27 +0000 (11:17 +0300)]
updated russian translation

yurayko [Sat, 18 Mar 2017 07:27:34 +0000 (11:27 +0400)]
Update ru.po

yurayko [Sat, 18 Mar 2017 07:17:56 +0000 (11:17 +0400)]
Update ru.po

Yuri Kozlov [Sun, 5 Mar 2017 08:17:27 +0000 (11:17 +0300)]
updated russian translation

Serge Hallyn [Thu, 23 Feb 2017 19:44:27 +0000 (13:44 -0600)]
changelog for last commit

Tobias Stoeckmann [Thu, 23 Feb 2017 15:47:29 +0000 (09:47 -0600)]
su: properly clear child PID

If su is compiled with PAM support, it is possible for any local user
to send SIGKILL to other processes with root privileges. There are
only two conditions. First, the user must be able to perform su with
a successful login. This does NOT have to be the root user, even using
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
can only be sent to processes which were executed after the su process.
It is not possible to send SIGKILL to processes which were already
running. I consider this as a security vulnerability, because I was
able to write a proof of concept which unlocked a screen saver of
another user this way.

Serge Hallyn [Tue, 21 Feb 2017 20:37:42 +0000 (14:37 -0600)]
Merge pull request #67 from AdamMajer/upstream

Print error on exec failure + cosmetic changes

Adam Majer [Mon, 20 Feb 2017 13:49:30 +0000 (14:49 +0100)]
Remove extra parenthesis

Adam Majer [Mon, 20 Feb 2017 13:46:18 +0000 (14:46 +0100)]
Remove unnecessary static variable usage

Josef Möllers [Mon, 20 Feb 2017 13:32:37 +0000 (14:32 +0100)]
Add error handling in case exec fails

We should print an error message if exec fails, for some reason.

Serge Hallyn [Sat, 11 Feb 2017 15:03:56 +0000 (09:03 -0600)]
Update changelog

David Michael [Wed, 8 Feb 2017 23:48:36 +0000 (15:48 -0800)]
useradd: Read defaults after changing root directories

This reverts the behavior of "useradd --root" to using the settings
from login.defs in the target root directory, not the root of the
executed useradd command.

Josef Moellers [Fri, 10 Feb 2017 13:52:26 +0000 (14:52 +0100)]
Deleted a misplaced semicolon.

Baurzhan Muftakhidinov [Tue, 7 Feb 2017 12:09:54 +0000 (17:09 +0500)]
Update Kazakh translation

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Sun, 5 Feb 2017 02:27:17 +0000 (20:27 -0600)]
Merge pull request #59 from rbalint/master

Patches from the Debian BTS

Serge Hallyn [Sun, 29 Jan 2017 20:49:03 +0000 (14:49 -0600)]
Update changelog

Bernhard Rosenkränzer [Thu, 26 Jan 2017 15:48:48 +0000 (16:48 +0100)]
Don't crash on bogus keys in login.defs if PAM is enabled

Without this patch, PAM enabled builds crash when encountering an
invalid key in login.defs or key overrides because of array overflows.

To reproduce, simply
useradd -K Windows=broken

Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Jakub Wilk [Tue, 24 Jan 2017 20:21:48 +0000 (21:21 +0100)]
zh_TW.po: Remove duplicated Plural-Forms

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Sun, 29 Jan 2017 20:38:44 +0000 (14:38 -0600)]
Changelog for last commit

Tomas Mraz [Tue, 15 Nov 2016 14:43:54 +0000 (15:43 +0100)]
Make the group and user allocation more effective.

Previously, the allocation was optimized for an outdated
deployment style (that of /etc/group alongside nss_db). The issue
here is that this results in extremely poor performance when using
SSSD, Winbind or nss_ldap.

There were actually two serious bugs here that have been addressed:

1) Running getgrent() loops won't work in most SSSD or Winbind
environments, as full group enumeration is disabled by default.
This could easily result in auto-allocating a group that was
already in use. (This might result in a security issue as well, if
the shared GID is a privileged group).

2) For system groups, the loop was always iterating through the
complete SYS_GID_MIN->SYS_GID_MAX range. On SSSD and Winbind, this
means hundreds of round-trips to LDAP (unless the GIDs were
specifically configured to be ignored by the SSSD or winbindd).
To a user with a slow connection to their LDAP server, this would
appear as if groupadd -r was hung. (Though it would eventually
complete).

This patch changes the algorithm to be more favorable for LDAP
environments, at the expense of some performance when using nss_db.
Given that the DB is a local service, this should have a negligible
effect from a user's perspective.

With the new algorithm, we simply first iterate through all entries
in the local database with gr_next(), recording the IDs that are in
use. We then start from the highest presumed-available entry and
call getgrgid() to see if it is available. We continue this until
we come to the first unused GID. We then select that and return it.

If we make it through all the remaining IDs without finding a free
one, we start over from the beginning of the range and try to find
room in one of the gaps in the range.

The patch was originally written by Stephen Gallagher and applied
identically also to the user allocation by Tomáš Mráz.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
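
An added example, not the patch itself or shadow's code: a sketch of the allocation order this commit message describes, for the upward (non-system) direction only. The names find_free_gid, scan and sample_lookup are hypothetical, the lookup callback stands in for getgrgid(), and the remote GIDs are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Stand-in for getgrgid(): true if any name service (files, SSSD, Winbind,
 * LDAP) already resolves this GID. Each call may be a network round-trip. */
typedef bool (*gid_lookup_fn)(unsigned int gid);

/* Constructed sample data: GIDs known only to the remote directory. */
static const unsigned int SAMPLE_REMOTE[] = { 1003, 1004 };
static unsigned int sample_lookups;   /* counts simulated round-trips */

bool sample_lookup(unsigned int gid)
{
    size_t i;
    sample_lookups++;
    for (i = 0; i < sizeof SAMPLE_REMOTE / sizeof SAMPLE_REMOTE[0]; i++)
        if (SAMPLE_REMOTE[i] == gid)
            return true;
    return false;
}

/* Scan [lo, hi] upward: skip IDs marked in the local map, ask the name
 * service about the rest. Returns true and sets *out on the first free ID. */
static bool scan(unsigned int lo, unsigned int hi, unsigned int min,
                 const bool *used, gid_lookup_fn in_use, unsigned int *out)
{
    unsigned int gid;
    if (lo > hi)
        return false;
    for (gid = lo; ; gid++) {
        if (!used[gid - min] && !in_use(gid)) {
            *out = gid;
            return true;
        }
        if (gid == hi)            /* test before ++ so hi == UINT_MAX cannot wrap */
            return false;
    }
}

/* Returns 0 and sets *out, or -1 if the range is exhausted or on error. */
int find_free_gid(unsigned int min, unsigned int max,
                  const unsigned int *local, size_t nlocal,
                  gid_lookup_fn in_use, unsigned int *out)
{
    bool *used, found = false, any = false;
    unsigned int highest = min;
    size_t i;

    if (min > max)
        return -1;
    used = calloc((size_t)(max - min) + 1, sizeof *used);
    if (used == NULL)
        return -1;
    /* Pass 1: local database only (the gr_next() loop), no network. */
    for (i = 0; i < nlocal; i++) {
        if (local[i] < min || local[i] > max)
            continue;
        used[local[i] - min] = true;
        if (!any || local[i] > highest)
            highest = local[i];
        any = true;
    }
    /* Pass 2: from just above the highest local ID up to max. */
    if (!any)
        found = scan(min, max, min, used, in_use, out);
    else if (highest < max)
        found = scan(highest + 1, max, min, used, in_use, out);
    /* Pass 3: nothing free above, so look for gaps in [min, highest]. */
    if (!found && any)
        found = scan(min, highest, min, used, in_use, out);
    free(used);
    return found ? 0 : -1;
}
```

With local GIDs 1000 to 1002 and the sample directory holding 1003 and 1004, the result is 1005 after three lookups, where a purely local enumeration would have handed out 1003, which is already in use.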
Lars Bahner [Thu, 19 Jan 2017 16:50:24 +0000 (17:50 +0100)]
Fix some spelling issues in the Norwegian translation

Thomas Blein [Thu, 19 Jan 2017 16:39:42 +0000 (17:39 +0100)]
French manpage translation

Holger Wansing [Thu, 19 Jan 2017 16:34:34 +0000 (17:34 +0100)]
Update for German man pages

Miroslav Kuře [Thu, 19 Jan 2017 16:26:22 +0000 (17:26 +0100)]
Updated Czech translation

Frans Spiesschaert [Thu, 19 Jan 2017 16:15:11 +0000 (17:15 +0100)]
Dutch translation update

Micah Anderson [Wed, 18 Jan 2017 17:06:05 +0000 (18:06 +0100)]
Last bits of enabling subuids

This patch has been carried by Debian, originally
submitted to BTS in #739981

Simon Kainz [Wed, 18 Jan 2017 16:24:04 +0000 (17:24 +0100)]
Typos fix in german translation of man pages

Reported to Debian BTS in #734609

Balint Reczey [Wed, 18 Jan 2017 15:54:51 +0000 (16:54 +0100)]
Replace user´s -> user's to make login.def files valid ASCII instead of UTF-8

The Unicode character caused issues in LANG=C environment.
See Debian bug #850338 for details.

Serge Hallyn [Wed, 21 Dec 2016 18:58:05 +0000 (12:58 -0600)]
Update changelog

Serge Hallyn [Wed, 21 Dec 2016 18:44:59 +0000 (12:44 -0600)]
Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore

Closes #23

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Wed, 21 Dec 2016 18:41:39 +0000 (12:41 -0600)]
Merge pull request #58 from juiceme/master

shadow: Add auditing support to su

Serge Hallyn [Wed, 21 Dec 2016 18:40:03 +0000 (12:40 -0600)]
Fix s/from/to/ in usermod.c error message

Closes #49

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Michael Vetter [Wed, 19 Oct 2016 12:40:59 +0000 (14:40 +0200)]
Reset user in tallylog

The useradd application resets the user data in /var/log/faillog, if it
exists and a new user is created.

pam_tally2 is used in many distributions.

Check for /var/log/tallylog and reset the user there.

Patch was written by Josef Moellers <jmoellers@suse.de>.

https://bugzilla.suse.com/show_bug.cgi?id=980486

Jussi Ohenoja [Tue, 13 Dec 2016 16:44:19 +0000 (18:44 +0200)]
shadow: Add auditing support to su

This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
Serge Hallyn [Wed, 7 Dec 2016 06:01:54 +0000 (00:01 -0600)]
Merge pull request #17 from wking/includes-to-am-cppflags

*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS

Serge Hallyn [Wed, 7 Dec 2016 05:31:58 +0000 (23:31 -0600)]
Revert "Add files via upload"

This has caused build errors.  Please feel free to re-submit.

This reverts commit 93e3044c6d2f984ec262bd7e1452ffb3da74964f.

Serge Hallyn [Wed, 7 Dec 2016 05:27:19 +0000 (23:27 -0600)]
Merge pull request #55 from glensc/travis2

enable travis integration

Serge Hallyn [Wed, 7 Dec 2016 05:24:42 +0000 (23:24 -0600)]
Merge pull request #52 from vapier/master

autotools refresh

Serge Hallyn [Wed, 7 Dec 2016 05:23:17 +0000 (23:23 -0600)]
Merge pull request #53 from vapier/prototypes

include getdef.h for getdef_bool prototype

Elan Ruusamäe [Mon, 5 Dec 2016 22:30:17 +0000 (00:30 +0200)]
run travis

Mike Frysinger [Mon, 5 Dec 2016 22:15:29 +0000 (17:15 -0500)]
include getdef.h for getdef_bool prototype

Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]

Mike Frysinger [Mon, 5 Dec 2016 21:02:55 +0000 (16:02 -0500)]
enable silent build output by default

Enable the automake feature to produce silent output by default.
When compiling code, we now see things like:
$ make
  CC       addgrps.o
  CC       age.o
  CC       audit_help.o
...

This can be disabled via configure's --disable-silent-rules or
by passing V=1 to make.

Custom output (like in the man subdirs) doesn't (yet) respect this
feature.  More work will be needed to clean those up.

Mike Frysinger [Mon, 5 Dec 2016 21:02:19 +0000 (16:02 -0500)]
man: make clean-local more robust

If the subdirs aren't empty, the rmdir calls can fail.  Simplify this
code by just using `rm -rf` since that matches what we really want.

Mike Frysinger [Mon, 5 Dec 2016 20:57:34 +0000 (15:57 -0500)]
switch bz2 dist to xz

Since xz is fairly common nowadays, and is typically smaller/faster than
bzip2 for people to decompress, switch shadow over too.  We also merge
the two init locations into configure.ac to match newer autotools style.

The min automake version is bumped to 1.11 too since that's when xz was
released.

Mike Frysinger [Mon, 5 Dec 2016 20:48:10 +0000 (15:48 -0500)]
ignore config.cache & dist files

config.cache is generated when running `./configure -C`.

The tarballs are generated when running `make dist`.

Mike Frysinger [Mon, 5 Dec 2016 20:43:20 +0000 (15:43 -0500)]
configure: avoid deprecated AC_INIT/AM_INIT_AUTOMAKE invocation

The autoconf/automake guys want AC_INIT to be passed the details of the
package directly rather than going through AM_INIT_AUTOMAKE.  Update them
both to use the newer style.

This also allows us to pass in contact details for the project.

We set the minimum autoconf version to 2.64 as that's the first one to
support passing the homepage URL in to AC_INIT.  That's a pretty old
release by now, so it shouldn't be a problem.

Serge Hallyn [Fri, 2 Dec 2016 22:15:28 +0000 (16:15 -0600)]
update Changelog

Serge Hallyn [Fri, 2 Dec 2016 22:14:24 +0000 (16:14 -0600)]
Merge pull request #48 from t8m/fedora

Four simple patches from the Fedora package to merge

Serge Hallyn [Fri, 2 Dec 2016 19:41:49 +0000 (13:41 -0600)]
update changelog, finally

Serge Hallyn [Fri, 25 Nov 2016 17:58:14 +0000 (11:58 -0600)]
Merge pull request #50 from m4sk1n/master

update Polish translation

m4sk1n [Thu, 24 Nov 2016 08:16:48 +0000 (09:16 +0100)]
Merge pull request #1 from m4sk1n/pl-translation-update

Add files via upload

m4sk1n [Thu, 24 Nov 2016 08:07:41 +0000 (09:07 +0100)]
Add files via upload

81% completed

Serge Hallyn [Sat, 19 Nov 2016 02:13:48 +0000 (20:13 -0600)]
Merge pull request #43 from Blub/suidbins-rule-fixup

buildsys: fix suidubins assignments

Tomas Mraz [Tue, 15 Nov 2016 15:05:44 +0000 (16:05 +0100)]
snprintf() always terminates output with \0

Tomas Mraz [Tue, 15 Nov 2016 15:04:24 +0000 (16:04 +0100)]
Keep the permissions of the original file when creating a backup.

Tomas Mraz [Tue, 15 Nov 2016 15:03:40 +0000 (16:03 +0100)]
Audit the home directory ownership change.

Tomas Mraz [Tue, 15 Nov 2016 15:00:51 +0000 (16:00 +0100)]
Print error message if SELinux file context manipulation fails.

Serge Hallyn [Wed, 9 Nov 2016 23:05:33 +0000 (17:05 -0600)]
Merge pull request #44 from evgeni/man-subuid-spelling

man: fix --{add,del}-sub{g,u}ids spelling

Evgeni Golov [Wed, 9 Nov 2016 21:23:18 +0000 (22:23 +0100)]
man: fix --{add,del}-sub{g,u}ids spelling

docs wrongly had a hyphen between sub and uids/gids

Wolfgang Bumiller [Sat, 5 Nov 2016 14:51:13 +0000 (15:51 +0100)]
buildsys: fix suidubins assignments

These assignments were pasted as is into the Makefile and
ended up as part of a rule. (Usually the .PRECIOUS rule
which is why the build system never attempted to execute it
as commands, hiding the problem.)

Signed-off-by: Wolfgang Bumiller <wry.git@bumiller.com>
Reported-by: Rahel A <ra00177@surrey.ac.uk>
Serge Hallyn [Fri, 4 Nov 2016 14:01:16 +0000 (09:01 -0500)]
Merge pull request #42 from jubalh/maint

Update README with current maintainer

Michael Vetter [Wed, 2 Nov 2016 08:30:05 +0000 (09:30 +0100)]
Update README with current maintainer

Serge Hallyn [Thu, 20 Oct 2016 00:29:43 +0000 (19:29 -0500)]
Merge pull request #41 from selkfoster/master

Remove non-POSIX option in chmod(1) used for src/Makefile.am

Matias A. Fonzo [Tue, 18 Oct 2016 18:46:27 +0000 (15:46 -0300)]
Remove non-POSIX option in chmod(1) used for src/Makefile.am

Trần Ngọc Quân [Thu, 6 Oct 2016 17:15:19 +0000 (12:15 -0500)]
Update Vietnamese translations

Serge Hallyn [Wed, 21 Sep 2016 14:12:15 +0000 (09:12 -0500)]
Merge pull request #33 from t8m/master

Fix regression in useradd not loading defaults properly.

Serge Hallyn [Tue, 20 Sep 2016 13:14:28 +0000 (08:14 -0500)]
Merge pull request #36 from atsampson/master

Add missing size args to snprintf calls.

Adam Sampson [Thu, 15 Sep 2016 15:54:42 +0000 (16:54 +0100)]
Use sizeof rather than hardcoding snprintf's size argument.

(tag: 4.4)
Serge Hallyn [Sun, 18 Sep 2016 23:34:57 +0000 (18:34 -0500)]
release 4.4

Serge Hallyn [Mon, 19 Sep 2016 02:31:18 +0000 (21:31 -0500)]
su.c: fix missing length argument to snprintf

Serge Hallyn [Sun, 18 Sep 2016 23:23:49 +0000 (18:23 -0500)]
update translations

Tomas Mraz [Thu, 25 Aug 2016 09:20:34 +0000 (11:20 +0200)]
Fix regression in useradd not loading defaults properly.

The get_defaults() has to be called before processing the flags.

Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
(tag: 4.3.1)
Serge Hallyn [Mon, 15 Aug 2016 03:59:23 +0000 (22:59 -0500)]
configure.ac: release 4.3.1

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Sun, 14 Aug 2016 23:05:00 +0000 (18:05 -0500)]
idmapping: add more checks for overflow

At this point they are redundant but should be safe.  Thanks to
Sebastian Krahmer for the first check.

Serge Hallyn [Fri, 5 Aug 2016 22:16:48 +0000 (17:16 -0500)]
also check upper for wrap

Serge Hallyn [Fri, 5 Aug 2016 16:59:45 +0000 (11:59 -0500)]
Merge pull request #30 from jwilk/spelling

man: Fix typos

Serge Hallyn [Fri, 5 Aug 2016 16:59:15 +0000 (11:59 -0500)]
Merge pull request #29 from hemio-ev/lower-su-syslog-priority

Reduces syslog priority of common usage events

Jakub Wilk [Fri, 5 Aug 2016 16:50:51 +0000 (18:50 +0200)]
man: Fix typos

Serge Hallyn [Fri, 5 Aug 2016 04:39:25 +0000 (23:39 -0500)]
Merge pull request #24 from stoeckmann/typos

Fixed typos in new{g,u}idmap tools.

Serge Hallyn [Fri, 5 Aug 2016 04:38:24 +0000 (23:38 -0500)]
Merge pull request #25 from stoeckmann/sigrace

Fixed signal races in shadow tools.

Michael Herold [Thu, 4 Aug 2016 20:17:31 +0000 (22:17 +0200)]
Reduces syslog priority of common usage events

- Log INFO instead of ERR on `su missing-user`
- Log NOTICE/WARN instead of ERR on pam_authenticate failure (wrong password for example)

Sebastian Krahmer [Wed, 3 Aug 2016 16:51:07 +0000 (11:51 -0500)]
Simplify getulong

Use strtoul to read an unsigned long, rather than reading
a signed long long and casting it.

https://bugzilla.suse.com/show_bug.cgi?id=979282

Serge Hallyn [Sun, 31 Jul 2016 17:55:44 +0000 (12:55 -0500)]
get_map_ranges: check for overflow

The kernel accepts u32 values, so make sure that userspace
is not passing large values.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Tue, 19 Jul 2016 13:02:31 +0000 (08:02 -0500)]
Merge pull request #26 from jubalh/master

Fix sentence in usermod manual

Michael Vetter [Mon, 18 Jul 2016 13:18:08 +0000 (15:18 +0200)]
Fix sentence in usermod manual

Should have been: '[...] but only checkS [...]'.
So there was a missing 's'. Architectures isn't the right word either.
I decided to write the whole sentence new.