1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-22 07:27:59 +01:00
slackware-current/source/a/shadow/68a722760487d3537905d97d45e5fba189592022.patch

322 lines
10 KiB
Diff
Raw Normal View History

Thu Oct 26 19:55:16 UTC 2023 a/kernel-firmware-20231024_4ee0175-noarch-1.txz: Upgraded. a/kernel-generic-6.1.60-x86_64-1.txz: Upgraded. a/kernel-huge-6.1.60-x86_64-1.txz: Upgraded. a/kernel-modules-6.1.60-x86_64-1.txz: Upgraded. a/shadow-4.14.1-x86_64-1.txz: Upgraded. d/kernel-headers-6.1.60-x86-1.txz: Upgraded. k/kernel-source-6.1.60-noarch-1.txz: Upgraded. Hey folks, if you've been following LQ you know I've talked before about dropping the huge kernel and moving the distribution to use only the generic kernel plus an initrd. After mulling this over for a few months, I think I was looking at the problem in the wrong way. First of all, it's clear that some Slackware users have been using the huge kernel all along, without an initrd, and are (to say the least) unhappy about the prospect of a new requirement to start using one. I've been recommending the generic kernel for some time, and a major reason is that we've been using the same set of kernel modules with two slightly different kernels. Because of this, there have always been a few (generally seldom used) kernel modules that won't load into the huge kernel. These are things that aren't built into the huge kernel, but because of a difference in some kernel module dependency, they won't load. The conclusion that I've come to here is that rather than drop the huge kernel, or slap a LOCALVERSION on it and provide a whole duplicate tree of kernel modules especially for the huge kernel, it would be better to make the generic kernel more huge, and minimize the differences between the two kernel configs. That's what I've done here. Shown below are the differences between the previous generic kernel config and the one shipping in this update. You'll notice that most of the popular filesystems are built in. At this point the main difference it that the huge kernel has a couple of dozen SCSI drivers built into it. The modules for those drivers won't load into the huge kernel, but they're fully built in so that doesn't matter. If you find any other modules that will not load into the huge kernel, please make a note about it on LQ and I'll see what can be done. So, tl;dr - what does this change mean? Unless your root device is on SCSI, if you were able to use the huge kernel without an initrd previously, you should now be able to use the generic kernel without an initrd. The kernel is a bit bigger, but we probably have enough RAM these days that it won't make a difference. Enjoy! :-) -CIFS_SMB_DIRECT n 9P_FS m -> y 9P_FSCACHE n -> y BTRFS_FS m -> y CIFS m -> y CRYPTO_CMAC m -> y CRYPTO_CRC32 m -> y CRYPTO_XXHASH m -> y CRYPTO_ZSTD m -> y EFIVAR_FS m -> y EXFAT_FS m -> y EXT2_FS m -> y EXT3_FS m -> y EXT4_FS m -> y F2FS_FS m -> y FAILOVER m -> y FAT_FS m -> y FSCACHE m -> y FS_ENCRYPTION_ALGS m -> y FS_MBCACHE m -> y HW_RANDOM_VIRTIO m -> y ISO9660_FS m -> y JBD2 m -> y JFS_FS m -> y LZ4HC_COMPRESS m -> y LZ4_COMPRESS m -> y MSDOS_FS m -> y NETFS_SUPPORT m -> y NET_9P m -> y NET_9P_FD m -> y NET_9P_VIRTIO m -> y NET_FAILOVER m -> y NFSD m -> y NLS_CODEPAGE_437 m -> y NTFS3_FS m -> y NTFS_FS m -> y PSTORE_LZ4_COMPRESS n -> m PSTORE_LZO_COMPRESS n -> m PSTORE_ZSTD_COMPRESS n -> y QFMT_V2 m -> y QUOTA_TREE m -> y REISERFS_FS m -> y RPCSEC_GSS_KRB5 m -> y SMBFS m -> y SQUASHFS m -> y UDF_FS m -> y VFAT_FS m -> y VIRTIO_BALLOON m -> y VIRTIO_BLK m -> y VIRTIO_CONSOLE m -> y VIRTIO_INPUT m -> y VIRTIO_MMIO m -> y VIRTIO_NET m -> y VIRTIO_PCI m -> y VIRTIO_PCI_LIB m -> y VIRTIO_PCI_LIB_LEGACY m -> y VIRTIO_PMEM m -> y XFS_FS m -> y ZONEFS_FS n -> m ZSTD_COMPRESS m -> y +NFS_FSCACHE y +PSTORE_LZ4_COMPRESS_DEFAULT n +PSTORE_LZO_COMPRESS_DEFAULT n +PSTORE_ZSTD_COMPRESS_DEFAULT n kde/plasma-workspace-5.27.9.1-x86_64-1.txz: Upgraded. l/glib2-2.78.1-x86_64-1.txz: Upgraded. l/netpbm-11.04.03-x86_64-1.txz: Upgraded. l/newt-0.52.24-x86_64-1.txz: Upgraded. n/gpgme-1.23.0-x86_64-1.txz: Upgraded. n/p11-kit-0.25.1-x86_64-1.txz: Upgraded. n/php-8.2.12-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.2.12 x/xorg-server-21.1.9-x86_64-1.txz: Upgraded. This update fixes security issues: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. Use-after-free bug in DestroyWindow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 https://www.cve.org/CVERecord?id=CVE-2023-5380 (* Security fix *) x/xorg-server-xephyr-21.1.9-x86_64-1.txz: Upgraded. x/xorg-server-xnest-21.1.9-x86_64-1.txz: Upgraded. x/xorg-server-xvfb-21.1.9-x86_64-1.txz: Upgraded. x/xorg-server-xwayland-23.2.2-x86_64-1.txz: Upgraded. This update fixes a security issue: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 (* Security fix *) xap/mozilla-thunderbird-115.4.1-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/ https://www.cve.org/CVERecord?id=CVE-2023-5721 https://www.cve.org/CVERecord?id=CVE-2023-5732 https://www.cve.org/CVERecord?id=CVE-2023-5724 https://www.cve.org/CVERecord?id=CVE-2023-5725 https://www.cve.org/CVERecord?id=CVE-2023-5726 https://www.cve.org/CVERecord?id=CVE-2023-5727 https://www.cve.org/CVERecord?id=CVE-2023-5728 https://www.cve.org/CVERecord?id=CVE-2023-5730 (* Security fix *) xfce/thunar-4.18.8-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
2023-10-26 21:55:16 +02:00
From 68a722760487d3537905d97d45e5fba189592022 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 8 Aug 2023 16:01:41 +0200
Subject: [PATCH] libmisc: add readpassphrase source code
Remove libbsd dependency by including the source code of
readpassphrase() in the project.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
configure.ac | 17 +---
libmisc/Makefile.am | 2 +
libmisc/readpassphrase.c | 198 +++++++++++++++++++++++++++++++++++++++
libmisc/readpassphrase.h | 45 +++++++++
4 files changed, 246 insertions(+), 16 deletions(-)
create mode 100644 libmisc/readpassphrase.c
create mode 100644 libmisc/readpassphrase.h
diff --git a/configure.ac b/configure.ac
index d9cf73037..160719dd5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -45,7 +45,7 @@ AC_CHECK_HEADERS(crypt.h utmp.h \
dnl shadow now uses the libc's shadow implementation
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
-AC_CHECK_FUNCS(arc4random_buf futimes \
+AC_CHECK_FUNCS(arc4random_buf futimes readpassphrase \
getentropy getrandom getspnam getusershell \
initgroups lckpwdf lutimes mempcpy \
setgroups updwtmp updwtmpx innetgr \
@@ -412,21 +412,6 @@ AC_SUBST(LIYESCRYPT)
AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
[AC_MSG_ERROR([crypt() not found])])
-AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
- AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
-])
-AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
- PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
-])
-dnl Make sure either the libc or libbsd provide the header.
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
-AC_CHECK_HEADERS([readpassphrase.h])
-AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
- AC_MSG_ERROR([readpassphrase.h is missing])
-])
-CFLAGS="$save_CFLAGS"
-
AC_SUBST(LIBACL)
if test "$with_acl" != "no"; then
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
index b135447c9..90f1dec8e 100644
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -64,6 +64,8 @@ libmisc_la_SOURCES = \
pwdcheck.c \
pwd_init.c \
csrand.c \
+ readpassphrase.h \
+ readpassphrase.c \
remove_tree.c \
rlogin.c \
root_flag.c \
diff --git a/libmisc/readpassphrase.c b/libmisc/readpassphrase.c
new file mode 100644
index 000000000..5ff060cca
--- /dev/null
+++ b/libmisc/readpassphrase.c
@@ -0,0 +1,198 @@
+/* $OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $ */
+
+/*
+ * Copyright (c) 2000-2002, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <readpassphrase.h>
+
+#ifndef TCSASOFT
+#define TCSASOFT 0
+#endif
+
+#ifndef _NSIG
+#if defined(NSIG)
+#define _NSIG NSIG
+#else
+/* The SIGRTMAX define might be set to a function such as sysconf(). */
+#define _NSIG (SIGRTMAX + 1)
+#endif
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+ ssize_t nr;
+ int input, output, save_errno, i, need_restart;
+ char ch, *p, *end;
+ struct termios term, oterm;
+ struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+ struct sigaction savetstp, savettin, savettou, savepipe;
+
+ /* I suppose we could alloc on demand in this case (XXX). */
+ if (bufsiz == 0) {
+ errno = EINVAL;
+ return(NULL);
+ }
+
+restart:
+ for (i = 0; i < _NSIG; i++)
+ signo[i] = 0;
+ nr = -1;
+ save_errno = 0;
+ need_restart = 0;
+ /*
+ * Read and write to /dev/tty if available. If not, read from
+ * stdin and write to stderr unless a tty is required.
+ */
+ if ((flags & RPP_STDIN) ||
+ (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+ if (flags & RPP_REQUIRE_TTY) {
+ errno = ENOTTY;
+ return(NULL);
+ }
+ input = STDIN_FILENO;
+ output = STDERR_FILENO;
+ }
+
+ /*
+ * Turn off echo if possible.
+ * If we are using a tty but are not the foreground pgrp this will
+ * generate SIGTTOU, so do it *before* installing the signal handlers.
+ */
+ if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+ memcpy(&term, &oterm, sizeof(term));
+ if (!(flags & RPP_ECHO_ON))
+ term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+ if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+ term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+ (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+ } else {
+ memset(&term, 0, sizeof(term));
+ term.c_lflag |= ECHO;
+ memset(&oterm, 0, sizeof(oterm));
+ oterm.c_lflag |= ECHO;
+ }
+
+ /*
+ * Catch signals that would otherwise cause the user to end
+ * up with echo turned off in the shell. Don't worry about
+ * things like SIGXCPU and SIGVTALRM for now.
+ */
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0; /* don't restart system calls */
+ sa.sa_handler = handler;
+ (void)sigaction(SIGALRM, &sa, &savealrm);
+ (void)sigaction(SIGHUP, &sa, &savehup);
+ (void)sigaction(SIGINT, &sa, &saveint);
+ (void)sigaction(SIGPIPE, &sa, &savepipe);
+ (void)sigaction(SIGQUIT, &sa, &savequit);
+ (void)sigaction(SIGTERM, &sa, &saveterm);
+ (void)sigaction(SIGTSTP, &sa, &savetstp);
+ (void)sigaction(SIGTTIN, &sa, &savettin);
+ (void)sigaction(SIGTTOU, &sa, &savettou);
+
+ if (!(flags & RPP_STDIN))
+ (void)write(output, prompt, strlen(prompt));
+ end = buf + bufsiz - 1;
+ p = buf;
+ while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+ if (p < end) {
+ if ((flags & RPP_SEVENBIT))
+ ch &= 0x7f;
+ if (isalpha((unsigned char)ch)) {
+ if ((flags & RPP_FORCELOWER))
+ ch = (char)tolower((unsigned char)ch);
+ if ((flags & RPP_FORCEUPPER))
+ ch = (char)toupper((unsigned char)ch);
+ }
+ *p++ = ch;
+ }
+ }
+ *p = '\0';
+ save_errno = errno;
+ if (!(term.c_lflag & ECHO))
+ (void)write(output, "\n", 1);
+
+ /* Restore old terminal settings and signals. */
+ if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+ const int sigttou = signo[SIGTTOU];
+
+ /* Ignore SIGTTOU generated when we are not the fg pgrp. */
+ while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+ errno == EINTR && !signo[SIGTTOU])
+ continue;
+ signo[SIGTTOU] = sigttou;
+ }
+ (void)sigaction(SIGALRM, &savealrm, NULL);
+ (void)sigaction(SIGHUP, &savehup, NULL);
+ (void)sigaction(SIGINT, &saveint, NULL);
+ (void)sigaction(SIGQUIT, &savequit, NULL);
+ (void)sigaction(SIGPIPE, &savepipe, NULL);
+ (void)sigaction(SIGTERM, &saveterm, NULL);
+ (void)sigaction(SIGTSTP, &savetstp, NULL);
+ (void)sigaction(SIGTTIN, &savettin, NULL);
+ (void)sigaction(SIGTTOU, &savettou, NULL);
+ if (input != STDIN_FILENO)
+ (void)close(input);
+
+ /*
+ * If we were interrupted by a signal, resend it to ourselves
+ * now that we have restored the signal handlers.
+ */
+ for (i = 0; i < _NSIG; i++) {
+ if (signo[i]) {
+ kill(getpid(), i);
+ switch (i) {
+ case SIGTSTP:
+ case SIGTTIN:
+ case SIGTTOU:
+ need_restart = 1;
+ }
+ }
+ }
+ if (need_restart)
+ goto restart;
+
+ if (save_errno)
+ errno = save_errno;
+ return(nr == -1 ? NULL : buf);
+}
+
+static void handler(int s)
+{
+
+ signo[s] = 1;
+}
diff --git a/libmisc/readpassphrase.h b/libmisc/readpassphrase.h
new file mode 100644
index 000000000..336a01156
--- /dev/null
+++ b/libmisc/readpassphrase.h
@@ -0,0 +1,45 @@
+/* $OpenBSD: readpassphrase.h,v 1.4 2003/06/03 01:52:39 millert Exp $ */
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef LIBBSD_READPASSPHRASE_H
+#define LIBBSD_READPASSPHRASE_H
+
+#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
+#define RPP_ECHO_ON 0x01 /* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
+#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
+#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
+#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
+#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
+
+#ifdef LIBBSD_OVERLAY
+#include <sys/cdefs.h>
+#else
+//#include <bsd/sys/cdefs.h>
+#endif
+#include <sys/types.h>
+
+__BEGIN_DECLS
+char * readpassphrase(const char *, char *, size_t, int);
+__END_DECLS
+
+#endif /* !LIBBSD_READPASSPHRASE_H */