[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1031725: unblock: accountsservice/22.08.8-6

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: accountsservice@packages.debian.org
Control: affects -1 + src:accountsservice

accountsservice could benefit from some appropriate age-days to get it
into testing a bit sooner. It's currently at 3 of 10 days.

(Do you want requests like this for important/RC bug fixes during soft
freeze in general, or should maintainers prefer to wait 10 days and hope
that manual intervention isn't needed?)

[ Reason ]
Fixes a regression introduced while fixing previous RC bugs.

[ Impact ]
If not accepted, accounts-daemon crashes with an assertion failure on
systems where /etc/shadow doesn't exist (pwunconv or shadowconfig off),
which is inadvisable but at least partially supported. This leads to
gdm and probably other login managers not starting, preventing login.
(#1031309)

This is a regression caused by my previous fix for #1030262, which is
already in testing. At the time of fixing #1030262 it hadn't occurred
to me that a missing /etc/shadow was something that could happen on a
supportable system.

[ Tests ]
The scenario with the crash was manually tested in a bookworm GNOME VM. It
seemed too rare and weird to add an automated test, but the automated test
added while fixing #1030262 and #1030253 still passes in this version.

[ Risks ]
The service is high-visibility and security-sensitive, but the change
is straightforward (allowing a hash table to be NULL) and was already
accepted upstream.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock accountsservice/22.08.8-6

diffstat for accountsservice-22.08.8 accountsservice-22.08.8

 debian/changelog                                                               |   10 ++
 debian/patches/0005-gdm_config_file_path.patch                                 |    7 -
 debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch             |    1 
 debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch            |   41 ++++++++++
 debian/patches/series                                                          |    1 
 debian/patches/tests-fix-invocation-of-AddUser.patch                           |    2 
 debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch            |    2 
 debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch |    1 
 src/daemon.c                                                                   |    5 -
 9 files changed, 61 insertions(+), 9 deletions(-)

diff -Nru accountsservice-22.08.8/debian/changelog accountsservice-22.08.8/debian/changelog
--- accountsservice-22.08.8/debian/changelog	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/changelog	2023-02-18 09:22:31.000000000 +0000
@@ -1,3 +1,13 @@
+accountsservice (22.08.8-6) unstable; urgency=medium
+
+  * Team upload
+  * d/p/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch:
+    Add patch to prevent a crash if /etc/shadow is missing or empty
+    (Closes: #1031309)
+  * d/patches: Mark most patches as having been applied upstream
+
+ -- Simon McVittie <smcv@debian.org>  Sat, 18 Feb 2023 09:22:31 +0000
+
 accountsservice (22.08.8-5) unstable; urgency=medium
 
   * Team upload
diff -Nru accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch
--- accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch	2023-02-18 09:22:31.000000000 +0000
@@ -1,11 +1,10 @@
 From: Josselin Mouette <joss@debian.org>
 Date: Sat, 12 Oct 2019 10:29:08 +0200
-Subject: Fix path to the GDM configuration file, which is different
+Subject: Fix path to the GDM configuration file
 
-Bug-Debian: http://bugs.debian.org/627311
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49993
+It's different in Debian.
 
-in Debian.
+Bug-Debian: http://bugs.debian.org/627311
 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49993
 ---
  src/daemon.c | 2 +-
diff -Nru accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch
--- accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch	2023-02-18 09:22:31.000000000 +0000
@@ -8,6 +8,7 @@
 Bug: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109
 Signed-off-by: Simon McVittie <smcv@debian.org>
 Forwarded: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/120
+Applied-upstream: 23.0, commit:c142812f7653cd1f6e52224da8410cd09f102a4f
 ---
  src/daemon.c | 5 +++++
  src/user.c   | 5 +++++
diff -Nru accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch
--- accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch	1970-01-01 01:00:00.000000000 +0100
+++ accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch	2023-02-18 09:22:31.000000000 +0000
@@ -0,0 +1,41 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 17 Feb 2023 23:59:12 +0000
+Subject: daemon: Don't crash if /etc/shadow doesn't exist
+
+Turning off shadow passwords with `shadowconfig off` or `pwunconv` is
+something that distributions still at least half-support, and
+apparently some people genuinely do this. In this situation, treat all
+users as non-local (until cached) but don't crash.
+
+Bug-Debian: https://bugs.debian.org/1031309
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Forwarded: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/121
+Applied-upstream: 23.0, commit:322165ea2e1c1c4715d532910ccb31b3d1e0a04e
+---
+ src/daemon.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index c29a8cf..8fd91fe 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -494,7 +494,6 @@ reload_users (Daemon *daemon)
+ 
+         /* Load the local users into our hash tables */
+         load_entries (daemon, users, FALSE, entry_generator_fgetpwent, &local);
+-        g_assert (local != NULL);
+ 
+         /* Now add/update users from other sources, possibly non-local */
+         load_entries (daemon, users, TRUE, entry_generator_cachedir, NULL);
+@@ -510,9 +509,9 @@ reload_users (Daemon *daemon)
+                 User *user = value;
+                 if (!user_get_system_account (user))
+                         number_of_normal_users++;
+-                user_update_local_account_property (user, g_hash_table_lookup (local, name) != NULL);
++                user_update_local_account_property (user, local != NULL && g_hash_table_lookup (local, name) != NULL);
+         }
+-        g_hash_table_destroy (local);
++        g_clear_pointer (&local, g_hash_table_destroy);
+ 
+         had_no_users = accounts_accounts_get_has_no_users (accounts);
+         has_no_users = number_of_normal_users == 0;
diff -Nru accountsservice-22.08.8/debian/patches/series accountsservice-22.08.8/debian/patches/series
--- accountsservice-22.08.8/debian/patches/series	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/patches/series	2023-02-18 09:22:31.000000000 +0000
@@ -8,3 +8,4 @@
 daemon-Define-local-users-as-being-exactly-those-present-.patch
 user-Use-correct-format-strings-to-print-accounts_user_ge.patch
 Annotate-varargs-functions-with-G_GNUC_PRINTF.patch
+daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch
diff -Nru accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch
--- accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch	2023-02-18 09:22:31.000000000 +0000
@@ -7,7 +7,7 @@
 before dbusmock commit f8709a9 because these methods were never really
 looked at.
 
-Origin: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/c588aea0
+Origin: upstream, 23.0, commit:https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/c588aea0
 ---
  tests/dbusmock/accounts_service.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
diff -Nru accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch
--- accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch	2023-02-18 09:22:31.000000000 +0000
@@ -4,7 +4,7 @@
 
 It's a boolean, not a string
 
-Origin: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/fea3ecdc
+Origin: upstream, 23.0, commit:https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/fea3ecdc
 ---
  tests/dbusmock/accounts_service.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
diff -Nru accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch
--- accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch	2023-02-07 13:46:10.000000000 +0000
+++ accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch	2023-02-18 09:22:31.000000000 +0000
@@ -15,6 +15,7 @@
 Bug: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109
 Signed-off-by: Simon McVittie <smcv@debian.org>
 Forwarded: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/120
+Applied-upstream: 23.0, commit:a1a330b8720e4bc1c2154f120196372627dc7b2a
 ---
  src/user.c | 24 ++++++++++++------------
  1 file changed, 12 insertions(+), 12 deletions(-)
diff -Nru accountsservice-22.08.8/src/daemon.c accountsservice-22.08.8/src/daemon.c
--- accountsservice-22.08.8/src/daemon.c	2023-02-21 14:46:04.000000000 +0000
+++ accountsservice-22.08.8/src/daemon.c	2023-02-21 14:46:04.000000000 +0000
@@ -494,7 +494,6 @@
 
         /* Load the local users into our hash tables */
         load_entries (daemon, users, FALSE, entry_generator_fgetpwent, &local);
-        g_assert (local != NULL);
 
         /* Now add/update users from other sources, possibly non-local */
         load_entries (daemon, users, TRUE, entry_generator_cachedir, NULL);
@@ -510,9 +509,9 @@
                 User *user = value;
                 if (!user_get_system_account (user))
                         number_of_normal_users++;
-                user_update_local_account_property (user, g_hash_table_lookup (local, name) != NULL);
+                user_update_local_account_property (user, local != NULL && g_hash_table_lookup (local, name) != NULL);
         }
-        g_hash_table_destroy (local);
+        g_clear_pointer (&local, g_hash_table_destroy);
 
         had_no_users = accounts_accounts_get_has_no_users (accounts);
         has_no_users = number_of_normal_users == 0;
Reply to: