[Reproducible-commits] [dpkg] 06/13: dpkg-statoverride: Do not accept unknown user or group names on --add

Holger Levsen holger at layer-acht.org
Tue May 3 08:44:15 UTC 2016 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.17.24
in repository dpkg.

commit 5c58085b746d234066ea94d386182cfc72c612ba
Author: Guillem Jover <guillem at debian.org>
Date:   Mon Feb 2 23:37:28 2015 +0100

    dpkg-statoverride: Do not accept unknown user or group names on --add
    
    We should not allow adding user or group names to the database that do
    not exist in the system passwd database, as the main dpkg program uses
    strict parsing and will fail with an unrecoverable fatal error if it
    cannot find a matching name for a uid/gid.
    
    Regression introduced in commit e4d6db177fad401ddc8432cf0e2c64e4fcf7bc0d,
    where we went from too strict to too lax parsing.
    
    Closes: #775124
---
 debian/changelog |  2 ++
 src/statcmd.c    | 10 ++++------
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index d1132e6..ad6b4e0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ dpkg (1.17.24) UNRELEASED; urgency=low
     the necessary version adjustments).
   * Add Conflicts for removed packages expecting dpkg to ship install-info.
     Namely octave3.2-info, octave3.0-info and polgen-doc. Closes: #776984
+  * Do not accept unknown user or group names on «dpkg-statoverride --add».
+    Regression introduced in dpkg 1.17.11. Closes: #775124
 
   [ Updated manpages translations ]
   * German (Helge Kreutzmann).
diff --git a/src/statcmd.c b/src/statcmd.c
index 3900652..7edd0d4 100644
--- a/src/statcmd.c
+++ b/src/statcmd.c
@@ -123,14 +123,12 @@ statdb_node_new(const char *user, const char *group, const char *mode)
 
 	filestat->uid = statdb_parse_uid(user);
 	if (filestat->uid == (uid_t)-1)
-		filestat->uname = nfstrsave(user);
-	else
-		filestat->uname = NULL;
+		ohshit(_("user '%s' does not exist"), user);
+	filestat->uname = NULL;
 	filestat->gid = statdb_parse_gid(group);
 	if (filestat->gid == (gid_t)-1)
-		filestat->gname = nfstrsave(group);
-	else
-		filestat->gname = NULL;
+		ohshit(_("group '%s' does not exist"), group);
+	filestat->gname = NULL;
 	filestat->mode = statdb_parse_mode(mode);
 
 	return filestat;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list