Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: accountsserv...@packages.debian.org Control: affects -1 + src:accountsservice
accountsservice could benefit from some appropriate age-days to get it into testing a bit sooner. It's currently at 3 of 10 days. (Do you want requests like this for important/RC bug fixes during soft freeze in general, or should maintainers prefer to wait 10 days and hope that manual intervention isn't needed?) [ Reason ] Fixes a regression introduced while fixing previous RC bugs. [ Impact ] If not accepted, accounts-daemon crashes with an assertion failure on systems where /etc/shadow doesn't exist (pwunconv or shadowconfig off), which is inadvisable but at least partially supported. This leads to gdm and probably other login managers not starting, preventing login. (#1031309) This is a regression caused by my previous fix for #1030262, which is already in testing. At the time of fixing #1030262 it hadn't occurred to me that a missing /etc/shadow was something that could happen on a supportable system. [ Tests ] The scenario with the crash was manually tested in a bookworm GNOME VM. It seemed too rare and weird to add an automated test, but the automated test added while fixing #1030262 and #1030253 still passes in this version. [ Risks ] The service is high-visibility and security-sensitive, but the change is straightforward (allowing a hash table to be NULL) and was already accepted upstream. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock accountsservice/22.08.8-6
diffstat for accountsservice-22.08.8 accountsservice-22.08.8 debian/changelog | 10 ++ debian/patches/0005-gdm_config_file_path.patch | 7 - debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch | 1 debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch | 41 ++++++++++ debian/patches/series | 1 debian/patches/tests-fix-invocation-of-AddUser.patch | 2 debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch | 2 debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch | 1 src/daemon.c | 5 - 9 files changed, 61 insertions(+), 9 deletions(-) diff -Nru accountsservice-22.08.8/debian/changelog accountsservice-22.08.8/debian/changelog --- accountsservice-22.08.8/debian/changelog 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/changelog 2023-02-18 09:22:31.000000000 +0000 @@ -1,3 +1,13 @@ +accountsservice (22.08.8-6) unstable; urgency=medium + + * Team upload + * d/p/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch: + Add patch to prevent a crash if /etc/shadow is missing or empty + (Closes: #1031309) + * d/patches: Mark most patches as having been applied upstream + + -- Simon McVittie <s...@debian.org> Sat, 18 Feb 2023 09:22:31 +0000 + accountsservice (22.08.8-5) unstable; urgency=medium * Team upload diff -Nru accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch --- accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/patches/0005-gdm_config_file_path.patch 2023-02-18 09:22:31.000000000 +0000 @@ -1,11 +1,10 @@ From: Josselin Mouette <j...@debian.org> Date: Sat, 12 Oct 2019 10:29:08 +0200 -Subject: Fix path to the GDM configuration file, which is different +Subject: Fix path to the GDM configuration file -Bug-Debian: http://bugs.debian.org/627311 -Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49993 +It's different in Debian. -in Debian. +Bug-Debian: http://bugs.debian.org/627311 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49993 --- src/daemon.c | 2 +- diff -Nru accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch --- accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/patches/Annotate-varargs-functions-with-G_GNUC_PRINTF.patch 2023-02-18 09:22:31.000000000 +0000 @@ -8,6 +8,7 @@ Bug: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109 Signed-off-by: Simon McVittie <s...@debian.org> Forwarded: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/120 +Applied-upstream: 23.0, commit:c142812f7653cd1f6e52224da8410cd09f102a4f --- src/daemon.c | 5 +++++ src/user.c | 5 +++++ diff -Nru accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch --- accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch 1970-01-01 01:00:00.000000000 +0100 +++ accountsservice-22.08.8/debian/patches/daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch 2023-02-18 09:22:31.000000000 +0000 @@ -0,0 +1,41 @@ +From: Simon McVittie <s...@debian.org> +Date: Fri, 17 Feb 2023 23:59:12 +0000 +Subject: daemon: Don't crash if /etc/shadow doesn't exist + +Turning off shadow passwords with `shadowconfig off` or `pwunconv` is +something that distributions still at least half-support, and +apparently some people genuinely do this. In this situation, treat all +users as non-local (until cached) but don't crash. + +Bug-Debian: https://bugs.debian.org/1031309 +Signed-off-by: Simon McVittie <s...@debian.org> +Forwarded: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/121 +Applied-upstream: 23.0, commit:322165ea2e1c1c4715d532910ccb31b3d1e0a04e +--- + src/daemon.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/daemon.c b/src/daemon.c +index c29a8cf..8fd91fe 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -494,7 +494,6 @@ reload_users (Daemon *daemon) + + /* Load the local users into our hash tables */ + load_entries (daemon, users, FALSE, entry_generator_fgetpwent, &local); +- g_assert (local != NULL); + + /* Now add/update users from other sources, possibly non-local */ + load_entries (daemon, users, TRUE, entry_generator_cachedir, NULL); +@@ -510,9 +509,9 @@ reload_users (Daemon *daemon) + User *user = value; + if (!user_get_system_account (user)) + number_of_normal_users++; +- user_update_local_account_property (user, g_hash_table_lookup (local, name) != NULL); ++ user_update_local_account_property (user, local != NULL && g_hash_table_lookup (local, name) != NULL); + } +- g_hash_table_destroy (local); ++ g_clear_pointer (&local, g_hash_table_destroy); + + had_no_users = accounts_accounts_get_has_no_users (accounts); + has_no_users = number_of_normal_users == 0; diff -Nru accountsservice-22.08.8/debian/patches/series accountsservice-22.08.8/debian/patches/series --- accountsservice-22.08.8/debian/patches/series 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/patches/series 2023-02-18 09:22:31.000000000 +0000 @@ -8,3 +8,4 @@ daemon-Define-local-users-as-being-exactly-those-present-.patch user-Use-correct-format-strings-to-print-accounts_user_ge.patch Annotate-varargs-functions-with-G_GNUC_PRINTF.patch +daemon-Don-t-crash-if-etc-shadow-doesn-t-exist.patch diff -Nru accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch --- accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/patches/tests-fix-invocation-of-AddUser.patch 2023-02-18 09:22:31.000000000 +0000 @@ -7,7 +7,7 @@ before dbusmock commit f8709a9 because these methods were never really looked at. -Origin: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/c588aea0 +Origin: upstream, 23.0, commit:https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/c588aea0 --- tests/dbusmock/accounts_service.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -Nru accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch --- accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/patches/tests-fix-the-signature-for-the-SetLocked-call.patch 2023-02-18 09:22:31.000000000 +0000 @@ -4,7 +4,7 @@ It's a boolean, not a string -Origin: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/fea3ecdc +Origin: upstream, 23.0, commit:https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/fea3ecdc --- tests/dbusmock/accounts_service.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -Nru accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch --- accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch 2023-02-07 13:46:10.000000000 +0000 +++ accountsservice-22.08.8/debian/patches/user-Use-correct-format-strings-to-print-accounts_user_ge.patch 2023-02-18 09:22:31.000000000 +0000 @@ -15,6 +15,7 @@ Bug: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109 Signed-off-by: Simon McVittie <s...@debian.org> Forwarded: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/120 +Applied-upstream: 23.0, commit:a1a330b8720e4bc1c2154f120196372627dc7b2a --- src/user.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff -Nru accountsservice-22.08.8/src/daemon.c accountsservice-22.08.8/src/daemon.c --- accountsservice-22.08.8/src/daemon.c 2023-02-21 14:46:04.000000000 +0000 +++ accountsservice-22.08.8/src/daemon.c 2023-02-21 14:46:04.000000000 +0000 @@ -494,7 +494,6 @@ /* Load the local users into our hash tables */ load_entries (daemon, users, FALSE, entry_generator_fgetpwent, &local); - g_assert (local != NULL); /* Now add/update users from other sources, possibly non-local */ load_entries (daemon, users, TRUE, entry_generator_cachedir, NULL); @@ -510,9 +509,9 @@ User *user = value; if (!user_get_system_account (user)) number_of_normal_users++; - user_update_local_account_property (user, g_hash_table_lookup (local, name) != NULL); + user_update_local_account_property (user, local != NULL && g_hash_table_lookup (local, name) != NULL); } - g_hash_table_destroy (local); + g_clear_pointer (&local, g_hash_table_destroy); had_no_users = accounts_accounts_get_has_no_users (accounts); has_no_users = number_of_normal_users == 0;
