sys-apps/shadow: Security cleanup (bug #610804).

Package-Manager: Portage-2.3.4, Repoman-2.3.2

2 files changed, 0 insertions, 117 deletions

diff --git a/sys-apps/shadow/files/shadow-4.2.1-cross-size-checks.patch b/sys-apps/shadow/files/shadow-4.2.1-cross-size-checks.patch
deleted file mode 100644
index f067caab204d..000000000000
--- a/sys-apps/shadow/files/shadow-4.2.1-cross-size-checks.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
-From: James Le Cuirot <chewi@aura-online.co.uk>
-Date: Sat, 23 Aug 2014 09:46:39 +0100
-Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
-
-This built-in check is simpler than the previous method and, most
-importantly, works when cross-compiling.
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- configure.in | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 1a3f841..4a4d6d0 100644
---- a/configure.in
-+++ b/configure.in
-@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
- 	dnl
- 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
- 	dnl
--	AC_RUN_IFELSE([AC_LANG_SOURCE([
--#include <sys/types.h>
--int main(void) {
--	uid_t u;
--	gid_t g;
--	return (sizeof u < 4) || (sizeof g < 4);
--}
--	])], [id32bit="yes"], [id32bit="no"])
--
--	if test "x$id32bit" = "xyes"; then
-+	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
-+	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
-+
-+	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
- 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
- 		enable_subids="yes"
- 	else
--- 
-2.3.6
-
diff --git a/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch b/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch
deleted file mode 100644
index 340424eb12e3..000000000000
--- a/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From: Hank Leininger <hlein@korelogic.com>
-Date: Mon, 6 Apr 2015 08:22:48 -0500
-Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not
- like the user/group ownership of their target process.
-
-Currently the error is just:
-
-newuidmap: Target [pid] is owned by a different user
-
-With this patch it will be like:
-
-newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99
-
-Why is this useful?  Well, in my case...
-
-The grsecurity kernel-hardening patch includes an option to make parts
-of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
-the current uid.  This comes with an option to make /proc/pid/
-directories readable by a specific gid; sysadmins and the like are then
-put into that group so they can see a full 'ps'.
-
-This means that the check in new[ug]idmap fails, as in the above quoted
-error - /proc/[targetpid] is owned by root, but the group is 99 so that
-users in group 99 can see the process.
-
-Some Googling finds dozens of people hitting this problem, but not
-*knowing* that they have hit this problem, because the errors and
-circumstances are non-obvious.
-
-Some graceful way of handling this and not failing, will be next ;)  But
-in the meantime it'd be nice to have new[ug]idmap emit a more useful
-error, so that it's easier to troubleshoot.
-
-Thanks!
-
-Signed-off-by: Hank Leininger <hlein@korelogic.com>
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- src/newgidmap.c | 6 ++++--
- src/newuidmap.c | 6 ++++--
- 2 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/newgidmap.c b/src/newgidmap.c
-index a532b45..451c6a6 100644
---- a/src/newgidmap.c
-+++ b/src/newgidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
- 	    (getgid() != pw->pw_gid) ||
- 	    (pw->pw_uid != st.st_uid) ||
- 	    (pw->pw_gid != st.st_gid)) {
--		fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
--			Prog, target);
-+		fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+			Prog, target,
-+			(unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+			(unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
- 		return EXIT_FAILURE;
- 	}
- 
-diff --git a/src/newuidmap.c b/src/newuidmap.c
-index 5150078..9c8bc1b 100644
---- a/src/newuidmap.c
-+++ b/src/newuidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
- 	    (getgid() != pw->pw_gid) ||
- 	    (pw->pw_uid != st.st_uid) ||
- 	    (pw->pw_gid != st.st_gid)) {
--		fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
--			Prog, target);
-+		fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+			Prog, target,
-+			(unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+			(unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
- 		return EXIT_FAILURE;
- 	}
-