-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 05 Jan 2009 16:53:48 -0600 Source: libsemanage Binary: libsemanage1 libsemanage1-dev python-semanage Architecture: source amd64 Version: 2.0.25-3 Distribution: unstable Urgency: high Maintainer: Manoj Srivastava <srivasta@debian.org> Changed-By: Manoj Srivastava <srivasta@debian.org> Description: libsemanage1 - shared libraries used by SELinux policy manipulation tools libsemanage1-dev - Header files and libraries for SELinux policy manipulation tools python-semanage - Python bindings for SELinux policy manipulation tools Closes: 510134 Changes: libsemanage (2.0.25-3) unstable; urgency=high . * [bab6644]: Also check for the uppoer bound on user ids in login.defs . Some non-Debian packages (like qmail, shudder) create users not below MIN_UID, but above MAX_UID, in /etc/login.defs (non-system users are supposed to have uids between MIN_UID and MAX_UID. . genhomedircon.c:gethomedirs() checks pwent.pw_uid against MIN_UID in /etc/login.defs to exclude system users from generating homedir contexts. But unfortunately it does not check it against MAX_UID setting from the same file. This gets us lines like the following in the contexts/files/file_contexts.homedirs file: ,---- | # | # Home Context for user user_u | # | /var/qmail/[^/]*/.+ user_u:object_r:user_home_t:s0 | /var/qmail/[^/]*/\.ssh(/.*)? user_u:object_r:user_home_ssh_t:s0 | /var/qmail/[^/]*/\.gnupg(/.+)? user_u:object_r:user_gpg_secret_t:s0 | /var/qmail/[^/]* -d user_u:object_r:user_home_dir_t:s0 | /var/qmail/lost\+found/.* <<none>> | /var/qmail -d system_u:object_r:home_root_t:s0 | /var/qmail/\.journal <<none>> | /var/qmail/lost\+found -d system_u:object_r:lost_found_t:s0 | /tmp/gconfd-.* -d user_u:object_r:user_tmp_t:s0 `---- This commit adds checking uid value againt MAX_UID too. . Bug fix: "login.defs:MAX_UID have no effect on generating list of valid users, but MIN_UID does have.", thanks to root (Closes: #510134). Checksums-Sha1: 80256ee200b3c864309b06d18b906201999830b8 1298 libsemanage_2.0.25-3.dsc 6ff088af25f9913f8465ca9aebb2acddd95af3e9 29891 libsemanage_2.0.25-3.diff.gz c4b2cd8d32a62d2ce7d7a1bf8e3243606f6cef09 94534 libsemanage1_2.0.25-3_amd64.deb b57f3cd9a5d1cd31dd569b840d8fc2b95dee1db0 434630 libsemanage1-dev_2.0.25-3_amd64.deb 010bb748ed58bb71dd18611990f0d547f75c1f39 124076 python-semanage_2.0.25-3_amd64.deb Checksums-Sha256: 875133d6f86367833dbc9579ca924d4fa2dcad0a424d4d16595334ab5913865b 1298 libsemanage_2.0.25-3.dsc e547af1ea34767049f2a8ea00c07badd30373c9cfc21d54ffb17359f32a32a31 29891 libsemanage_2.0.25-3.diff.gz b96cd635787409b036fd0b5b294cbfb74b1b40364902a6aaa43a89a5102d0750 94534 libsemanage1_2.0.25-3_amd64.deb fc79d72f3292e80734e99e4d7aa8f74cc114a5eab17ebac3a24575d5448e8622 434630 libsemanage1-dev_2.0.25-3_amd64.deb f5cdbef2d5596dcf7841ec72fe38de2412059a4466cd0335493c207bc98320a9 124076 python-semanage_2.0.25-3_amd64.deb Files: 04a6a578841981f6ef7d704f58115957 1298 libdevel optional libsemanage_2.0.25-3.dsc 6d89e4da96ff0b27bc5f1efd4e8b8816 29891 libdevel optional libsemanage_2.0.25-3.diff.gz 94c48f8ab1fcaeeab48d6b30d95d8f5c 94534 libs optional libsemanage1_2.0.25-3_amd64.deb b0946383675449b96c6200fa58cf384f 434630 libdevel optional libsemanage1-dev_2.0.25-3_amd64.deb 54b603e244be7e6663ff422499006031 124076 python optional python-semanage_2.0.25-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAklipnkACgkQIbrau78kQkzF6ACgtJWJqq9j6c6RtcSollW0sxVq M4wAnR0d3gc8fGe2NPTjmioVqWB8OYIt =fXuW -----END PGP SIGNATURE----- Accepted: libsemanage1-dev_2.0.25-3_amd64.deb to pool/main/libs/libsemanage/libsemanage1-dev_2.0.25-3_amd64.deb libsemanage1_2.0.25-3_amd64.deb to pool/main/libs/libsemanage/libsemanage1_2.0.25-3_amd64.deb libsemanage_2.0.25-3.diff.gz to pool/main/libs/libsemanage/libsemanage_2.0.25-3.diff.gz libsemanage_2.0.25-3.dsc to pool/main/libs/libsemanage/libsemanage_2.0.25-3.dsc python-semanage_2.0.25-3_amd64.deb to pool/main/libs/libsemanage/python-semanage_2.0.25-3_amd64.deb