5 changed files with 115 additions and 78 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/usermode-1.114.tar.xz
+SOURCES/usermode-1.113.tar.xz
--- a/.usermode.metadata
+++ b/.usermode.metadata
@ -1 +1 @@
-8566e6c180ba5a6635c92d7a76f3e4410dab7dc8 SOURCES/usermode-1.114.tar.xz
+81e05318f28e42352410a3ece3334d62350f802f SOURCES/usermode-1.113.tar.xz
--- a/SOURCES/usermode-1.113-manpage_typo.patch
+++ b/SOURCES/usermode-1.113-manpage_typo.patch
@ -0,0 +1,22 @@
 From 79c1ddd9fbea9cdc2bc973a3d271e9c9617d5eb7 Mon Sep 17 00:00:00 2001
 From: Jiri Kucera <jkucera@redhat.com>
 Date: Apr 28 2021 08:24:20 +0000
 Subject: Fix typo
 ---
 diff --git a/pam-panel-icon.1 b/pam-panel-icon.1
 index 5f891dc..2563627 100644
 --- a/pam-panel-icon.1
 +++ b/pam-panel-icon.1
@@ -40,7 +40,7 @@ timestamp status.
 If the
 .B pam_timestamp
 authorization is active,
 -allowing an unprivileted user to temporarily authenticate as the
 +allowing an unprivileged user to temporarily authenticate as the
 .B root
 user without providing a password,
 an icon in the notification area of the panel is displayed.
--- a/SOURCES/usermode-1.113-selinux.patch
+++ b/SOURCES/usermode-1.113-selinux.patch
@ -0,0 +1,65 @@
 From 48c4085004caad1ec928fa103b7f3e3fe684c826 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Apr 07 2020 11:16:48 +0000
 Subject: Do not use deprecated flask.h and av_permissions.h
 selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
 next SELinux release.
 Use string_to_security_class() and string_to_av_perm() to get class and
 permission values. The original hardcoded values could be invalid and are
 deprecated as the whole flask.h and av_permissions.h header files.
 ---
 diff --git a/userhelper.c b/userhelper.c
 index 4177c89..f2afde7 100644
 --- a/userhelper.c
 +++ b/userhelper.c
@@ -48,8 +48,6 @@
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
 -#include <selinux/flask.h>
 -#include <selinux/av_permissions.h>
 #endif
 #include "shvar.h"
@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
     struct av_decision avd;
     int retval = security_compute_av(user_context,
 				     user_context,
 -				     SECCLASS_PASSWD,
 +				     string_to_security_class("passwd"),
 				     selaccess,
 				     &avd);
@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
 	const char *new_home_phone;
 	const char *new_shell;
 #ifdef WITH_SELINUX
 -	unsigned perm;
 +	security_class_t class;
 +	access_vector_t perm;
 #endif
 	/* State variable we pass around. */
@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
 			user_name = g_strdup(argv[optind]);
 #ifdef WITH_SELINUX
 +			class = string_to_security_class("passwd");
 			if (c_flag) 
 -			  perm = PASSWD__PASSWD;
 +			  perm = string_to_av_perm(class, "passwd");
 			else if (s_flag)
 -			  perm = PASSWD__CHSH;
 +			  perm = string_to_av_perm(class, "chsh");
 			else
 -			  perm = PASSWD__CHFN;
 +			  perm = string_to_av_perm(class, "chfn");
 			if (is_selinux_enabled() > 0 &&
 			    checkAccess(perm)!= 0) {
--- a/SPECS/usermode.spec
+++ b/SPECS/usermode.spec
@ -1,31 +1,27 @@
 # Add `--without gtk' option (enable gtk by default):
 %bcond_without gtk
 Summary: Tools for certain user account management tasks
 Name: usermode
-Version: 1.114
+Version: 1.113
-Release: 4%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://pagure.io/%{name}/
 Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 Source1: config-util
 # Do not use deprecated API
 Patch1: usermode-1.113-selinux.patch
 Patch2: usermode-1.113-manpage_typo.patch
 Requires: pam, passwd, util-linux
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
 BuildRequires: make
 BuildRequires: gcc
-BuildRequires: gettext, glib2-devel, intltool
+BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool
-%if %{with gtk}
+BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel
-BuildRequires: desktop-file-utils, gtk2-devel, startup-notification-devel, libSM-devel
+BuildRequires: pam-devel, perl-XML-Parser, startup-notification-devel
 %endif
 BuildRequires: libblkid-devel, libselinux-devel, libuser-devel
 BuildRequires: pam-devel, perl-XML-Parser
 BuildRequires: util-linux
 %if %{with gtk}
 %package gtk
 Summary: Graphical tools for certain user account management tasks
 Group: Applications/System
 Requires: %{name} = %{version}-%{release}
 %endif
 %global _hardened_build 1
@ -34,7 +30,6 @@ The usermode package contains the userhelper program, which can be
 used to allow configured programs to be run with superuser privileges
 by ordinary users.
 %if %{with gtk}
 %description gtk
 The usermode-gtk package contains several graphical tools for users:
 userinfo, usermount and userpasswd.  Userinfo allows users to change
@ -44,30 +39,28 @@ passwords.
 Install the usermode-gtk package if you would like to provide users with
 graphical tools for certain account management tasks.
 %endif
 %prep
 %setup -q
 %patch1 -p1
 %patch2 -p1
 %build
-%configure --with-selinux --without-fexecve %{!?with_gtk:--without-gtk}
+%configure --with-fexecve=no --with-selinux
-%make_build
+make %{?_smp_mflags}
 %install
-%make_install INSTALL='install -p'
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
 %if %{with gtk}
 # make userformat symlink to usermount
 ln -sf usermount $RPM_BUILD_ROOT%{_bindir}/userformat
 ln -s usermount.1 $RPM_BUILD_ROOT%{_mandir}/man1/userformat.1
 %endif
 mkdir -p $RPM_BUILD_ROOT/etc/security/console.apps
 install -p -m 644 %{SOURCE1} \
 	$RPM_BUILD_ROOT/etc/security/console.apps/config-util
 %if %{with gtk}
 for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 	redhat-usermount.desktop; do
 	echo 'NotShowIn=GNOME;KDE;' >>$RPM_BUILD_ROOT%{_datadir}/applications/$i
@ -75,20 +68,17 @@ for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 		--dir $RPM_BUILD_ROOT%{_datadir}/applications \
 		$RPM_BUILD_ROOT%{_datadir}/applications/$i
 done
 %endif
 %find_lang %{name}
 %files -f %{name}.lang
-%license COPYING
+%doc COPYING ChangeLog NEWS README
 %doc ChangeLog NEWS README
 %attr(4711,root,root) /usr/sbin/userhelper
 %{_bindir}/consolehelper
 %{_mandir}/man8/userhelper.8*
 %{_mandir}/man8/consolehelper.8*
 %config(noreplace) /etc/security/console.apps/config-util
 %if %{with gtk}
 %files gtk
 %{_bindir}/usermount
 %{_mandir}/man1/usermount.1*
@ -105,64 +95,24 @@ done
 %{_datadir}/%{name}
 %{_datadir}/pixmaps/*
 %{_datadir}/applications/*
 %endif
 %changelog
-* Thu Dec 09 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-4
+* Tue Aug 03 2021 Jiri Kucera <jkucera@redhat.com> - 1.113-2
- Rebuild with new annobin
+- Fix typo in pam-panel-icon manpage
-  Related: #1984417
+  Do not use deprecated selinux API
-
+  Do not use fexecve
-* Tue Dec 07 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-3
+  Resolves: #1775931
 - Do not use fexecve
  Script executed via fexecve has a file descriptor number in
  argv[0]. This results in unexpected output: when displaying
  the script help, a user see "Usage: <number> [options]"
  instead of "Usage: <scriptname> [options]".
  Resolves: #1984417
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.114-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Fri May 14 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-1
 - Update to usermode-1.114
  Resolves: #1938893
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.112-11
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-* Wed Sep 09 2020 Jiri Kucera <jkucera@redhat.com> - 1.112-9
+* Mon Nov 05 2018 Jiri Kucera <jkucera@redhat.com> - 1.113-1
- Do not use deprecated selinux headers
+- Rebase to usermode-1.113 (fixes static scanner issues)
-  Resolves #1865598
+  Resolves #1602722
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-8
+* Wed Aug 08 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-2
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Tue Aug 07 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-3
 - Dropped need to run autotools
 - <sys/sysmacros.h> must be now included manually
-  Resolves #1606624
+  Resolves #1611752
 - Fixed bad FSF address
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Thu Feb 22 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-1
 - Update to usermode-1.112
  Resolves #1269643
`@ -1 +1 @@`
	`SOURCES/usermode-1.114.tar.xz`	`SOURCES/usermode-1.113.tar.xz`
`@ -1 +1 @@`
	`8566e6c180ba5a6635c92d7a76f3e4410dab7dc8 SOURCES/usermode-1.114.tar.xz`	`81e05318f28e42352410a3ece3334d62350f802f SOURCES/usermode-1.113.tar.xz`