[Mageia-dev] shadow-utils

Colin Guthrie mageia at colin.guthr.ie
Tue Feb 28 13:56:22 CET 2012 

'Twas brillig, and Colin Guthrie at 28/02/12 11:28 did gyre and gimble:
> 'Twas brillig, and Colin Guthrie at 28/02/12 11:03 did gyre and gimble:
>> Hi,
>>
>> Someone needs to update this package - any volunteers? It's quite an
>> important package so please be careful if you are a novice :D
>>
>> The latest version (4.1.5) contains a fix for a CVE so I think we should
>> update it before mga2... only problem is that that the tcb related
>> patches need rediffed. I didn't look closely, but I suspect this will
>> take a bit of time and a at least a bit of understanding of the code.
>> Perhaps it won't be too hard tho'.
>>
>> I also think we should remove /usr/bin/login from that package (fedora
>> already do this). We already have /bin/login from util-linux (and also
>> had this in mga1) so providing two different login implementations from
>> two different packages but in different paths just seems like a recipe
>> for problems to me (and certainly will cause problems when we do the
>> /usr consolidation for mga3).
>>
>> Any takers? If not, I'll have a look in a week or so.
> 
> Oh forgot to mention that the current SVN doesn't build due to a source
> file mismatch... Updating the spec to  match the binary version (which
> is newer) works fine and the patches still apply. It's just the jump up
> to 4.1.5 that causes the patches not to apply.

Actually, just looking at things, it seems upstream has included tcb
support... sadly the patch committed upstream is quite different to the
version we have :(

I guess someone will have to do a fair bit of testing before we can use
this.

Might be best to stick with 4.1.4.3 (small update to what we have
currently) but backport the fix for CVE-2005-4890...

Then look at updating after mga2.

Tho' if someone does want to look I wouldn't necessarily be against it.

Col


-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

More information about the Mageia-dev mailing list