Slowing down for the release

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Slowing down for the release

Christian Weisgerber
The next release, 6.0, is approaching fast.  It's time to wind down
the ports churn, focus on fixing problems and stop introducing them.

Over the next few days, please stop importing new ports and regular
updates.  If you're in the middle of something, finish it, but by
the weekend this should be done, and commits will be increasingly
restricted from there.

What's the situation with wxneeded annotations and getpwnam_shadow?
If that work hasn't been completed, it's high time to get it done.

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Jeremie Courreges-Anglas-2
Christian Weisgerber <[hidden email]> writes:

> The next release, 6.0, is approaching fast.  It's time to wind down
> the ports churn, focus on fixing problems and stop introducing them.

fwiw I have a security update coming for samba.

> Over the next few days, please stop importing new ports and regular
> updates.  If you're in the middle of something, finish it, but by
> the weekend this should be done, and commits will be increasingly
> restricted from there.
>
> What's the situation with wxneeded annotations and getpwnam_shadow?
> If that work hasn't been completed, it's high time to get it done.

I don't think that getpwnam_shadow is a big concern.  Fixes can be
applied to -stable with relatively minor churn, if needed.

I don't think that 6.0 can ship with wxneeded enforced.  There's just
too much to do, and afaik no one is trying to fix the few big ports that
would need it.

  https://docs.google.com/spreadsheets/d/1RjfH2_ecaUc_G5kmPAKbH00w0qcR-vWljTiUb4UCVXI/edit?usp=sharing

(looks like it's not up to date)

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Theo de Raadt
> I don't think that getpwnam_shadow is a big concern.  Fixes can be
> applied to -stable with relatively minor churn, if needed.

They are being discovered slower than I expected.  Maybe there are only
a handful left.

 > I don't think that 6.0 can ship with wxneeded enforced.  There's just
> too much to do, and afaik no one is trying to fix the few big ports that
> would need it.

I don't think we are tightening the enforcement.  As a result, 6.0
is probably going out the door with "noisy reporting", and we'll collect
information from the community.  Is that a good strategy?  Or should
we silence it.

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Jeremie Courreges-Anglas-2
Theo de Raadt <[hidden email]> writes:

>> I don't think that getpwnam_shadow is a big concern.  Fixes can be
>> applied to -stable with relatively minor churn, if needed.
>
> They are being discovered slower than I expected.  Maybe there are only
> a handful left.
>
>  > I don't think that 6.0 can ship with wxneeded enforced.  There's just
>> too much to do, and afaik no one is trying to fix the few big ports that
>> would need it.
>
> I don't think we are tightening the enforcement.  As a result, 6.0
> is probably going out the door with "noisy reporting", and we'll collect
> information from the community.  Is that a good strategy?  Or should
> we silence it.

The logs could make a serial connection temporarily unusable.  That
said, I think that noisy by default would be fine, if it could be
disabled.

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Stuart Henderson
On 2016/07/07 18:43, Jeremie Courreges-Anglas wrote:

> Theo de Raadt <[hidden email]> writes:
>
> >> I don't think that getpwnam_shadow is a big concern.  Fixes can be
> >> applied to -stable with relatively minor churn, if needed.
> >
> > They are being discovered slower than I expected.  Maybe there are only
> > a handful left.
> >
> >  > I don't think that 6.0 can ship with wxneeded enforced.  There's just
> >> too much to do, and afaik no one is trying to fix the few big ports that
> >> would need it.
> >
> > I don't think we are tightening the enforcement.  As a result, 6.0
> > is probably going out the door with "noisy reporting", and we'll collect
> > information from the community.  Is that a good strategy?  Or should
> > we silence it.
>
> The logs could make a serial connection temporarily unusable.  That
> said, I think that noisy by default would be fine, if it could be
> disabled.

Theo changed it, it just goes to logs not console now, and it's restricted
(iirc once per process) rather than being done for every mapping.
I think the current semantics are good for the release. chrome has a check
in the wrapper script so people can fairly easily learn about the wxallowed
flag, the logging is noticeable but not obnoxious, and there's a relatively
easy way to disable it for a program.

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Jeremie Courreges-Anglas-2
Stuart Henderson <[hidden email]> writes:

> On 2016/07/07 18:43, Jeremie Courreges-Anglas wrote:
>> Theo de Raadt <[hidden email]> writes:
>>
>> >> I don't think that getpwnam_shadow is a big concern.  Fixes can be
>> >> applied to -stable with relatively minor churn, if needed.
>> >
>> > They are being discovered slower than I expected.  Maybe there are only
>> > a handful left.
>> >
>> >  > I don't think that 6.0 can ship with wxneeded enforced.  There's just
>> >> too much to do, and afaik no one is trying to fix the few big ports that
>> >> would need it.
>> >
>> > I don't think we are tightening the enforcement.  As a result, 6.0
>> > is probably going out the door with "noisy reporting", and we'll collect
>> > information from the community.  Is that a good strategy?  Or should
>> > we silence it.
>>
>> The logs could make a serial connection temporarily unusable.  That
>> said, I think that noisy by default would be fine, if it could be
>> disabled.
>
> Theo changed it, it just goes to logs not console now, and it's restricted
> (iirc once per process) rather than being done for every mapping.
> I think the current semantics are good for the release. chrome has a check
> in the wrapper script so people can fairly easily learn about the wxallowed
> flag, the logging is noticeable but not obnoxious, and there's a relatively
> easy way to disable it for a program.

Nice, thanks.

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Stuart Henderson
In reply to this post by Christian Weisgerber
On 2016/07/06 21:41, Christian Weisgerber wrote:
> The next release, 6.0, is approaching fast.  It's time to wind down
> the ports churn, focus on fixing problems and stop introducing them.
>
> Over the next few days, please stop importing new ports and regular
> updates.  If you're in the middle of something, finish it, but by
> the weekend this should be done, and commits will be increasingly
> restricted from there.

Please stop imports now. And updates should be for important fixes
only. It's not a time to rush things in before release, it's a time
to polish.

> What's the situation with wxneeded annotations and getpwnam_shadow?
> If that work hasn't been completed, it's high time to get it done.

Very patchy.

From my old search for things using pw_passwd here are a few that I
don't recall seeing updates for.

Some of them will most likely be red herrings and in codepaths not
actually used, and obviously for many of them it's only going to be
certain things which don't work.

Some of them are very definitely broken and the ports will no
longer work at all (e.g. some of the pop3 daemons).

It would be nice if people can check ports which they rely on and
move things to using the _shadow versions of getpwnam/getpwuid
where needed. Many of these will have existing code to deal with
shadow passwords using the standard getspnam functions used on
other OS; this is a good indication that changes will need to be
made.

Unfortunately I accidentally looked at cucipop and now need to go
and look for a sick bag (or possibly some pokemon) so I'm not sure
how many I'm going to be able to fix myself.

biology/emboss
comms/kermit
databases/openldap
databases/openldap23
databases/tinycdb
devel/luaposix
devel/ocaml-lwt
devel/omake
editors/jed
lang/chibi-scheme
lang/chicken/bootstrap
lang/chicken/core
lang/clisp
lang/gawk
lang/guile
lang/guile2
lang/mono
lang/ocaml
lang/php
lang/python
lang/ruby
lang/rust
lang/scm
lang/swi-prolog
lang/tcl
mail/akpop3d (definitely broken)
mail/avenger
mail/cucipop (definitely broken)
mail/dkim-milter
mail/dovecot (most people will probably use bsdauth or a db so likely unimportant)
mail/opensmtpd-extras
mail/postfix
mail/procmail
mail/sendmail
mail/solid-pop3d
mail/teapop
mail/zarafa
math/grace
math/octave
misc/gone
misc/mc
misc/screen
net/gopher
net/libbind
net/pure-ftpd
net/samba
net/tircproxy
net/uucpd
net/vsftpd
net/winexe
productivity/siag
security/cyrus-sasl2
security/dante
security/dsniff
security/heimdal
security/openpam
security/ssh-ldap-helper
shells/tcsh
sysutils/ktsuss
sysutils/openpoppassd
sysutils/rtty
x11/kde/admin3
x11/kde/base3
x11/kde4/kuser
x11/kde4/workspace
x11/motif
x11/nx/nxssh
x11/slim
x11/x11vnc
x11/xtacy


Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Joerg Jung


> Am 11.07.2016 um 12:40 schrieb Stuart Henderson <[hidden email]>:
>
>> On 2016/07/06 21:41, Christian Weisgerber wrote:
>> The next release, 6.0, is approaching fast.  It's time to wind down
>> the ports churn, focus on fixing problems and stop introducing them.
>>
>> Over the next few days, please stop importing new ports and regular
>> updates.  If you're in the middle of something, finish it, but by
>> the weekend this should be done, and commits will be increasingly
>> restricted from there.
>
> Please stop imports now. And updates should be for important fixes
> only. It's not a time to rush things in before release, it's a time
> to polish.
>
>> What's the situation with wxneeded annotations and getpwnam_shadow?
>> If that work hasn't been completed, it's high time to get it done.
>
> Very patchy.
>
> From my old search for things using pw_passwd here are a few that I
> don't recall seeing updates for.
>
> Some of them will most likely be red herrings and in codepaths not
> actually used, and obviously for many of them it's only going to be
> certain things which don't work.
>
> Some of them are very definitely broken and the ports will no
> longer work at all (e.g. some of the pop3 daemons).
>
> It would be nice if people can check ports which they rely on and
> move things to using the _shadow versions of getpwnam/getpwuid
> where needed. Many of these will have existing code to deal with
> shadow passwords using the standard getspnam functions used on
> other OS; this is a good indication that changes will need to be
> made.
>
> Unfortunately I accidentally looked at cucipop and now need to go
> and look for a sick bag (or possibly some pokemon) so I'm not sure
> how many I'm going to be able to fix myself.
>
> biology/emboss
> comms/kermit
> databases/openldap
> databases/openldap23
> databases/tinycdb
> devel/luaposix
> devel/ocaml-lwt
> devel/omake
> editors/jed
> lang/chibi-scheme
> lang/chicken/bootstrap
> lang/chicken/core
> lang/clisp
> lang/gawk
> lang/guile
> lang/guile2
> lang/mono
> lang/ocaml
> lang/php
> lang/python
> lang/ruby
> lang/rust
> lang/scm
> lang/swi-prolog
> lang/tcl
> mail/akpop3d (definitely broken)
> mail/avenger
> mail/cucipop (definitely broken)
> mail/dkim-milter
> mail/dovecot (most people will probably use bsdauth or a db so likely unimportant)
> mail/opensmtpd-extras

I'll take care of -extras. There is an update pending
and required anyway to fix things after recent API changes.
I'll have a look into the getpwnam shadow issue as well.

> mail/postfix
> mail/procmail
> mail/sendmail
> mail/solid-pop3d
> mail/teapop
> mail/zarafa
> math/grace
> math/octave
> misc/gone
> misc/mc
> misc/screen
> net/gopher
> net/libbind
> net/pure-ftpd
> net/samba
> net/tircproxy
> net/uucpd
> net/vsftpd
> net/winexe
> productivity/siag
> security/cyrus-sasl2
> security/dante
> security/dsniff
> security/heimdal
> security/openpam
> security/ssh-ldap-helper
> shells/tcsh
> sysutils/ktsuss
> sysutils/openpoppassd
> sysutils/rtty
> x11/kde/admin3
> x11/kde/base3
> x11/kde4/kuser
> x11/kde4/workspace
> x11/motif
> x11/nx/nxssh
> x11/slim
> x11/x11vnc
> x11/xtacy
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Antoine Jacoutot-7
In reply to this post by Stuart Henderson
> sysutils/openpoppassd

This one is done.

--
Antoine

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

David Coppa
In reply to this post by Stuart Henderson
On Mon, Jul 11, 2016 at 12:40 PM, Stuart Henderson <[hidden email]> wrote:

> On 2016/07/06 21:41, Christian Weisgerber wrote:
>> The next release, 6.0, is approaching fast.  It's time to wind down
>> the ports churn, focus on fixing problems and stop introducing them.
>>
>> Over the next few days, please stop importing new ports and regular
>> updates.  If you're in the middle of something, finish it, but by
>> the weekend this should be done, and commits will be increasingly
>> restricted from there.
>
> Please stop imports now. And updates should be for important fixes
> only. It's not a time to rush things in before release, it's a time
> to polish.
>
>> What's the situation with wxneeded annotations and getpwnam_shadow?
>> If that work hasn't been completed, it's high time to get it done.
>
> Very patchy.
>
> From my old search for things using pw_passwd here are a few that I
> don't recall seeing updates for.
>
> Some of them will most likely be red herrings and in codepaths not
> actually used, and obviously for many of them it's only going to be
> certain things which don't work.
>
> Some of them are very definitely broken and the ports will no
> longer work at all (e.g. some of the pop3 daemons).
>
> It would be nice if people can check ports which they rely on and
> move things to using the _shadow versions of getpwnam/getpwuid
> where needed. Many of these will have existing code to deal with
> shadow passwords using the standard getspnam functions used on
> other OS; this is a good indication that changes will need to be
> made.
>
> Unfortunately I accidentally looked at cucipop and now need to go
> and look for a sick bag (or possibly some pokemon) so I'm not sure
> how many I'm going to be able to fix myself.

> x11/slim

slim works for me (unpatched), I'm using it.

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Juan Francisco Cantero Hurtado
In reply to this post by Stuart Henderson
On Mon, Jul 11, 2016 at 11:40:56AM +0100, Stuart Henderson wrote:

> On 2016/07/06 21:41, Christian Weisgerber wrote:
> > The next release, 6.0, is approaching fast.  It's time to wind down
> > the ports churn, focus on fixing problems and stop introducing them.
> >
> > Over the next few days, please stop importing new ports and regular
> > updates.  If you're in the middle of something, finish it, but by
> > the weekend this should be done, and commits will be increasingly
> > restricted from there.
>
> Please stop imports now. And updates should be for important fixes
> only. It's not a time to rush things in before release, it's a time
> to polish.
>
> > What's the situation with wxneeded annotations and getpwnam_shadow?
> > If that work hasn't been completed, it's high time to get it done.
>
> Very patchy.
>
> From my old search for things using pw_passwd here are a few that I
> don't recall seeing updates for.
>
> Some of them will most likely be red herrings and in codepaths not
> actually used, and obviously for many of them it's only going to be
> certain things which don't work.
>
> Some of them are very definitely broken and the ports will no
> longer work at all (e.g. some of the pop3 daemons).
>
> It would be nice if people can check ports which they rely on and
> move things to using the _shadow versions of getpwnam/getpwuid
> where needed. Many of these will have existing code to deal with
> shadow passwords using the standard getspnam functions used on
> other OS; this is a good indication that changes will need to be
> made.
>
> Unfortunately I accidentally looked at cucipop and now need to go
> and look for a sick bag (or possibly some pokemon) so I'm not sure
> how many I'm going to be able to fix myself.
>
> biology/emboss
> comms/kermit
> databases/openldap
> databases/openldap23
> databases/tinycdb
> devel/luaposix
> devel/ocaml-lwt
> devel/omake
> editors/jed
> lang/chibi-scheme

chibi doesn't need changes. Everything works fine.

For reference, this is the "lib" which uses getpwnam/getpwuid:
http://synthcode.com/scheme/chibi/lib/chibi/system.html

> lang/chicken/bootstrap
> lang/chicken/core
> lang/clisp
> lang/gawk
> lang/guile
> lang/guile2
> lang/mono
> lang/ocaml
> lang/php
> lang/python
> lang/ruby
> lang/rust
> lang/scm
> lang/swi-prolog
> lang/tcl
> mail/akpop3d (definitely broken)
> mail/avenger
> mail/cucipop (definitely broken)
> mail/dkim-milter
> mail/dovecot (most people will probably use bsdauth or a db so likely unimportant)
> mail/opensmtpd-extras
> mail/postfix
> mail/procmail
> mail/sendmail
> mail/solid-pop3d
> mail/teapop
> mail/zarafa
> math/grace
> math/octave
> misc/gone
> misc/mc
> misc/screen
> net/gopher
> net/libbind
> net/pure-ftpd
> net/samba
> net/tircproxy
> net/uucpd
> net/vsftpd
> net/winexe
> productivity/siag
> security/cyrus-sasl2
> security/dante
> security/dsniff
> security/heimdal
> security/openpam
> security/ssh-ldap-helper
> shells/tcsh
> sysutils/ktsuss
> sysutils/openpoppassd
> sysutils/rtty
> x11/kde/admin3
> x11/kde/base3
> x11/kde4/kuser
> x11/kde4/workspace
> x11/motif
> x11/nx/nxssh
> x11/slim
> x11/x11vnc
> x11/xtacy
>
>

--
Juan Francisco Cantero Hurtado http://juanfra.info

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Rafael Sadowski
In reply to this post by Stuart Henderson
On Mon Jul 11, 2016 at 11:40:56AM +0100, Stuart Henderson wrote:

> On 2016/07/06 21:41, Christian Weisgerber wrote:
> > The next release, 6.0, is approaching fast.  It's time to wind down
> > the ports churn, focus on fixing problems and stop introducing them.
> >
> > Over the next few days, please stop importing new ports and regular
> > updates.  If you're in the middle of something, finish it, but by
> > the weekend this should be done, and commits will be increasingly
> > restricted from there.
>
> Please stop imports now. And updates should be for important fixes
> only. It's not a time to rush things in before release, it's a time
> to polish.
>
> > What's the situation with wxneeded annotations and getpwnam_shadow?
> > If that work hasn't been completed, it's high time to get it done.
>
> Very patchy.
>
> >From my old search for things using pw_passwd here are a few that I
> don't recall seeing updates for.
>
> Some of them will most likely be red herrings and in codepaths not
> actually used, and obviously for many of them it's only going to be
> certain things which don't work.
>
> Some of them are very definitely broken and the ports will no
> longer work at all (e.g. some of the pop3 daemons).
>
> It would be nice if people can check ports which they rely on and
> move things to using the _shadow versions of getpwnam/getpwuid
> where needed. Many of these will have existing code to deal with
> shadow passwords using the standard getspnam functions used on
> other OS; this is a good indication that changes will need to be
> made.
>
> Unfortunately I accidentally looked at cucipop and now need to go
> and look for a sick bag (or possibly some pokemon) so I'm not sure
> how many I'm going to be able to fix myself.
>
> biology/emboss
> comms/kermit
> databases/openldap
> databases/openldap23
> databases/tinycdb
> devel/luaposix
> devel/ocaml-lwt
> devel/omake
> editors/jed
> lang/chibi-scheme
> lang/chicken/bootstraP
> lang/chicken/core
> lang/clisp
> lang/gawk
> lang/guile
> lang/guile2
> lang/mono
> lang/ocaml
> lang/php
> lang/python
> lang/ruby
> lang/rust
> lang/scm
> lang/swi-prolog
> lang/tcl
> mail/akpop3d (definitely broken)
> mail/avenger
> mail/cucipop (definitely broken)
> mail/dkim-milter
> mail/dovecot (most people will probably use bsdauth or a db so likely unimportant)
> mail/opensmtpd-extras
> mail/postfix
> mail/procmail
> mail/sendmail
> mail/solid-pop3d
> mail/teapop
> mail/zarafa
> math/grace
> math/octave
> misc/gone
> misc/mc


Looks like mc works fine with _shadow (maybe without too).

- test @amd64 without smb/ssh-fs tests
- add some fprintf error msgs for tests.

Cheerrs,

Rafael


Index: Makefile
===================================================================
RCS file: /cvs/ports/misc/mc/Makefile,v
retrieving revision 1.59
diff -u -p -u -p -r1.59 Makefile
--- Makefile 25 Apr 2016 13:35:06 -0000 1.59
+++ Makefile 11 Jul 2016 19:58:56 -0000
@@ -3,7 +3,7 @@
 COMMENT= free Norton Commander clone with many useful features
 
 DISTNAME= mc-4.8.16
-REVISION= 0
+REVISION= 1
 CATEGORIES= misc
 
 HOMEPAGE= http://www.midnight-commander.org/
Index: patches/patch-lib_lock_c
===================================================================
RCS file: patches/patch-lib_lock_c
diff -N patches/patch-lib_lock_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_lock_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- lib/lock.c.orig Mon Jul 11 18:04:49 2016
++++ lib/lock.c Mon Jul 11 18:07:53 2016
+@@ -91,7 +91,7 @@ lock_build_name (void)
+     const char *user = NULL;
+     struct passwd *pw;
+
+-    pw = getpwuid (getuid ());
++    pw = getpwuid_shadow (getuid ());
+     if (pw)
+         user = pw->pw_name;
+     if (!user)
Index: patches/patch-lib_shell_c
===================================================================
RCS file: patches/patch-lib_shell_c
diff -N patches/patch-lib_shell_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_shell_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+--- lib/shell.c.orig Mon Jul 11 18:05:06 2016
++++ lib/shell.c Mon Jul 11 18:10:32 2016
+@@ -104,9 +104,11 @@ mc_shell_get_name_env (void)
+         /* 2nd choice: user login shell */
+         struct passwd *pwd;
+
+-        pwd = getpwuid (geteuid ());
++        pwd = getpwuid_shadow (geteuid ());
+         if (pwd != NULL)
+             shell_name = g_strdup (pwd->pw_shell);
++        else
++            fprintf (stderr, _("getpwuid_shadow\n"));
+     }
+     else
+         /* 1st choice: SHELL environment variable */
Index: patches/patch-lib_utilunix_c
===================================================================
RCS file: patches/patch-lib_utilunix_c
diff -N patches/patch-lib_utilunix_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_utilunix_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,31 @@
+$OpenBSD$
+--- lib/utilunix.c.orig Mon Jul 11 18:03:52 2016
++++ lib/utilunix.c Mon Jul 11 18:17:25 2016
+@@ -694,14 +694,14 @@ tilde_expand (const char *directory)
+         q = strchr (p, PATH_SEP);
+         if (!q)
+         {
+-            passwd = getpwnam (p);
++            passwd = getpwnam_shadow (p);
+         }
+         else
+         {
+             char *name;
+
+             name = g_strndup (p, q - p);
+-            passwd = getpwnam (name);
++            passwd = getpwnam_shadow (name);
+             q++;
+             g_free (name);
+         }
+@@ -709,7 +709,10 @@ tilde_expand (const char *directory)
+
+     /* If we can't figure the user name, leave tilde unexpanded */
+     if (!passwd)
++    {
++        fprintf (stderr, "getpwnam_shadow == NULL\n");
+         return g_strdup (directory);
++    }
+
+     return g_strconcat (passwd->pw_dir, PATH_SEP_STR, q, (char *) NULL);
+ }
Index: patches/patch-lib_vfs_interface_c
===================================================================
RCS file: patches/patch-lib_vfs_interface_c
diff -N patches/patch-lib_vfs_interface_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_vfs_interface_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- lib/vfs/interface.c.orig Mon Jul 11 18:05:15 2016
++++ lib/vfs/interface.c Mon Jul 11 18:07:53 2016
+@@ -831,7 +831,7 @@ mc_tmpdir (void)
+     if (sys_tmp == NULL || !IS_PATH_SEP (sys_tmp[0]))
+         sys_tmp = TMPDIR_DEFAULT;
+
+-    pwd = getpwuid (getuid ());
++    pwd = getpwuid_shadow (getuid ());
+
+     if (pwd)
+         g_snprintf (buffer, sizeof (buffer), "%s/mc-%s", sys_tmp, pwd->pw_name);
Index: patches/patch-lib_vfs_utilvfs_c
===================================================================
RCS file: patches/patch-lib_vfs_utilvfs_c
diff -N patches/patch-lib_vfs_utilvfs_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_vfs_utilvfs_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,30 @@
+$OpenBSD$
+--- lib/vfs/utilvfs.c.orig Mon Jul 11 18:05:34 2016
++++ lib/vfs/utilvfs.c Mon Jul 11 18:15:44 2016
+@@ -87,7 +87,9 @@ vfs_get_local_username (void)
+ {
+     struct passwd *p_i;
+
+-    p_i = getpwuid (geteuid ());
++    p_i = getpwuid_shadow (geteuid ());
++    if (p_i == NULL)
++        fprintf (stderr, _("getpwuid_shadow\n"));
+
+     return (p_i && p_i->pw_name) ? g_strdup (p_i->pw_name) : g_strdup ("anonymous");    /* Unknown UID, strange */
+ }
+@@ -114,13 +116,14 @@ vfs_finduid (const char *uname)
+         struct passwd *pw;
+
+         g_strlcpy (saveuname, uname, TUNMLEN);
+-        pw = getpwnam (uname);
++        pw = getpwnam_shadow (uname);
+         if (pw)
+         {
+             saveuid = pw->pw_uid;
+         }
+         else
+         {
++            fprintf (stderr, "getpwnam_shadow == NULL\n");
+             static int my_uid = GUID_DEFAULT_CONST;
+
+             if (my_uid < 0)
Index: patches/patch-src_filemanager_achown_c
===================================================================
RCS file: patches/patch-src_filemanager_achown_c
diff -N patches/patch-src_filemanager_achown_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_filemanager_achown_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- src/filemanager/achown.c.orig Mon Jul 11 18:13:03 2016
++++ src/filemanager/achown.c Mon Jul 11 18:16:22 2016
+@@ -384,11 +384,12 @@ do_enter_key (WDialog * h, int f_pos)
+                 listbox_get_current (chl_list, &text, NULL);
+                 if (is_owner)
+                 {
+-                    chl_pass = getpwnam (text);
++                    chl_pass = getpwnam_shadow (text);
+                     if (chl_pass != NULL)
+                     {
+                         ok = TRUE;
+                         sf_stat->st_uid = chl_pass->pw_uid;
++                        fprintf (stderr, "getpwnam_shadow == NULL\n");
+                     }
+                 }
+                 else
Index: patches/patch-src_filemanager_chown_c
===================================================================
RCS file: patches/patch-src_filemanager_chown_c
diff -N patches/patch-src_filemanager_chown_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_filemanager_chown_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+--- src/filemanager/chown.c.orig Mon Jul 11 18:13:13 2016
++++ src/filemanager/chown.c Mon Jul 11 18:17:25 2016
+@@ -384,7 +384,7 @@ chown_cmd (void)
+                 char *text;
+
+                 listbox_get_current (l_user, &text, NULL);
+-                user = getpwnam (text);
++                user = getpwnam_shadow (text);
+                 if (user)
+                 {
+                     new_user = user->pw_uid;
+@@ -420,9 +420,11 @@ chown_cmd (void)
+                 if (grp)
+                     new_group = grp->gr_gid;
+                 listbox_get_current (l_user, &text, NULL);
+-                user = getpwnam (text);
++                user = getpwnam_shadow (text);
+                 if (user)
+                     new_user = user->pw_uid;
++                else
++                    fprintf (stderr, "getpwnam_shadow == NULL\n");
+                 if (ch_dlg->ret_value == B_ENTER)
+                 {
+                     vfs_path_t *fname_vpath;
Index: patches/patch-src_filemanager_layout_c
===================================================================
RCS file: patches/patch-src_filemanager_layout_c
diff -N patches/patch-src_filemanager_layout_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_filemanager_layout_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/filemanager/layout.c.orig Sat Mar 12 16:45:48 2016
++++ src/filemanager/layout.c Mon Jul 11 17:55:59 2016
+@@ -1361,7 +1361,7 @@ title_path_prepare (char **path, char **login)
+     else
+         host[sizeof (host) - 1] = '\0';
+
+-    pw = getpwuid (getuid ());
++    pw = getpwuid_shadow (getuid ());
+     if (pw != NULL)
+         *login = g_strdup_printf ("%s@%s", pw->pw_name, host);
+     else
Index: patches/patch-src_filemanager_layout_c.orig
===================================================================
RCS file: patches/patch-src_filemanager_layout_c.orig
diff -N patches/patch-src_filemanager_layout_c.orig
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_filemanager_layout_c.orig 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,22 @@
+$OpenBSD$
+--- src/filemanager/layout.c.orig Mon Jul 11 17:44:45 2016
++++ src/filemanager/layout.c Mon Jul 11 17:46:46 2016
+@@ -1361,11 +1361,16 @@ title_path_prepare (char **path, char **login)
+     else
+         host[sizeof (host) - 1] = '\0';
+
+-    pw = getpwuid (getuid ());
++    pw = getpwuid_shadow (getuid ());
+     if (pw != NULL)
++    {
++        fprintf (stdout, "getpwuid_shadow OK");
+         *login = g_strdup_printf ("%s@%s", pw->pw_name, host);
+-    else
++    }
++    else {
++        fprintf (stdout, "getpwuid_shadow");
+         *login = g_strdup (host);
++    }
+ }
+
+ /* --------------------------------------------------------------------------------------------- */
Index: patches/patch-src_vfs_fish_fish_c
===================================================================
RCS file: patches/patch-src_vfs_fish_fish_c
diff -N patches/patch-src_vfs_fish_fish_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_vfs_fish_fish_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- src/vfs/fish/fish.c.orig Mon Jul 11 18:05:55 2016
++++ src/vfs/fish/fish.c Mon Jul 11 18:11:42 2016
+@@ -1279,9 +1279,12 @@ fish_chown (const vfs_path_t * vpath, uid_t owner, gid
+     struct passwd *pw;
+     struct group *gr;
+
+-    pw = getpwuid (owner);
++    pw = getpwuid_shadow (owner);
+     if (pw == NULL)
++    {
++        fprintf (stderr, _("getpwuid_shadow\n"));
+         return 0;
++    }
+
+     gr = getgrgid (group);
+     if (gr == NULL)
Index: patches/patch-src_vfs_smbfs_helpers_lib_username_c
===================================================================
RCS file: patches/patch-src_vfs_smbfs_helpers_lib_username_c
diff -N patches/patch-src_vfs_smbfs_helpers_lib_username_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_vfs_smbfs_helpers_lib_username_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- src/vfs/smbfs/helpers/lib/username.c.orig Mon Jul 11 18:13:27 2016
++++ src/vfs/smbfs/helpers/lib/username.c Mon Jul 11 18:17:25 2016
+@@ -171,7 +171,7 @@ _Get_Pwnam (const char *s)
+ {
+     struct passwd *ret;
+
+-    ret = getpwnam (s);
++    ret = getpwnam_shadow (s);
+     if (ret)
+     {
+ #ifdef HAVE_GETPWANAM
+@@ -185,6 +185,8 @@ _Get_Pwnam (const char *s)
+ #endif
+
+     }
++    else
++        fprintf (stderr, "getpwnam_shadow == NULL\n");
+
+     return (ret);
+ }
Index: patches/patch-src_vfs_smbfs_helpers_lib_util_c
===================================================================
RCS file: patches/patch-src_vfs_smbfs_helpers_lib_util_c
diff -N patches/patch-src_vfs_smbfs_helpers_lib_util_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_vfs_smbfs_helpers_lib_util_c 11 Jul 2016 19:58:56 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- src/vfs/smbfs/helpers/lib/util.c.orig Mon Jul 11 18:06:04 2016
++++ src/vfs/smbfs/helpers/lib/util.c Mon Jul 11 18:17:25 2016
+@@ -2506,7 +2506,7 @@ char *
+ uidtoname (uid_t uid)
+ {
+     static char name[40];
+-    struct passwd *pass = getpwuid (uid);
++    struct passwd *pass = getpwuid_shadow (uid);
+     if (pass)
+         return (pass->pw_name);
+     slprintf (name, sizeof (name) - 1, "%d", (int) uid);
+@@ -2535,7 +2535,7 @@ turn a user name into a uid
+ uid_t
+ nametouid (const char *name)
+ {
+-    struct passwd *pass = getpwnam (name);
++    struct passwd *pass = getpwnam_shadow (name);
+     if (pass)
+         return (pass->pw_uid);
+     return (uid_t) - 1;

Reply | Threaded
Open this post in threaded view
|

Re: Slowing down for the release

Stuart Henderson
On 2016/07/11 22:03, Rafael Sadowski wrote:
> Looks like mc works fine with _shadow (maybe without too).

The only time getpw*_shadow functions are needed are when the password
field (pw_passwd) are used. These don't need just a search-and-replace
for getpw*->getpw*_shadow, they need a small amount of work to figure
out what the code is doing.

> +--- lib/lock.c.orig Mon Jul 11 18:04:49 2016
> ++++ lib/lock.c Mon Jul 11 18:07:53 2016
> +@@ -91,7 +91,7 @@ lock_build_name (void)
> +     const char *user = NULL;
> +     struct passwd *pw;
> +
> +-    pw = getpwuid (getuid ());
> ++    pw = getpwuid_shadow (getuid ());
> +     if (pw)
> +         user = pw->pw_name;
> +     if (!user)

From the filename I thought this might be some screen-lock thing
which might actually need a change, but actually looking at the code
it's just creating a lockfile. So NAK to this one.

> Index: patches/patch-lib_shell_c

And this just wants the shell name.

> Index: patches/patch-lib_utilunix_c

This does ~username -> /home/username etc.

> Index: patches/patch-lib_vfs_interface_c

temp dir creation.

> Index: patches/patch-lib_vfs_utilvfs_c
> Index: patches/patch-src_filemanager_layout_c
> Index: patches/patch-src_vfs_fish_fish_c
> Index: patches/patch-src_vfs_smbfs_helpers_lib_util_c

username/gid lookup.

> Index: patches/patch-src_filemanager_achown_c
> Index: patches/patch-src_filemanager_chown_c

names for list display or something?

> Index: patches/patch-src_filemanager_layout_c.orig

err.. :)

> Index: patches/patch-src_vfs_smbfs_helpers_lib_username_c

This is the only one that actually deals with pw_passwd by
filling it in from (SunOS's?) getpwanam(). But I don't see anything
that actually uses the password field. I think they just pulled
across a bunch of (probably samba) code that they don't need.

So this looks to me like one of the red herrings I mentioned.