lib/getdate.y: Ignore time-zone information and use UTC #1214
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
Author
|
I think this should partially close your issue (the other part being printing also UTC, which is the other PR open about this at the moment). Please test. I think this should partially address your concern regarding parsing timezones. :-) |
alejandro-colomar
force-pushed
the
gd
branch
2 times, most recently
from
50b8330 to
1ba2fb5
Compare
alejandro-colomar
changed the title
Contributor
|
I'll note that usermod(8) documents exactly two acceptable formats: |
Contributor
Quick test looks good to me. |
Closed
Contributor
Also I just discovered it accepts |
Collaborator
Author
Yeah, that code is just brain damaged. If you don't specify a valid date, it goes dadada and doesn't report an error at all. |
Collaborator
Author
I definitely want to get rid of most of that code. I don't know how much I'll be able to get rid of, but ideally, I'd end up with a 10-liner date parser written in pure C. :-) |
alejandro-colomar
force-pushed
the
gd
branch
5 times, most recently
from
0b0cc2a to
a271823
Compare
Collaborator
Author
|
Actually, I think this fix is not correct/enough. |
Collaborator
Author
After chopping off most of lib/getdate.y code in #1217 , here's what remains in get_date(): time_t get_date (const char *p, const time_t *now)
{
struct tm tm;
yyInput = p;
yyHaveDate = 0;
if (yyparse ()
|| yyHaveDate > 1)
return -1;
tm.tm_year = ToYear (yyYear) - TM_YEAR_ORIGIN;
tm.tm_mon = yyMonth - 1;
tm.tm_mday = yyDay;
tm.tm_hour = tm.tm_min = tm.tm_sec = 0;
tm.tm_isdst = 0;
return mktime(&tm);
}See that mktime(3) call? That's all that matters. It's a local date. We need a UTC-equivalent of mktime(3). @timparenti, what do you recommend? |
Collaborator
Author
|
Ahhh, what I was looking for is timegm(3). I didn't remember about it. :-) |
Collaborator
Author
|
I have added a mention in the mktime(3) manual page. It was weird that there was no mention about it, except for a reference in SEE ALSO. commit 4da273dfd6880399f0ea87aa1a452fe07a60ed3a (HEAD -> contrib)
Author: Alejandro Colomar <[email protected]>
Date: Tue Feb 18 13:25:01 2025 +0100
man/man3/ctime.3: Mention that timegm(3) is a UTC equivalent of mktime(3)
Signed-off-by: Alejandro Colomar <[email protected]>
diff --git a/man/man3/ctime.3 b/man/man3/ctime.3
index acd6f1565..c2d14269c 100644
--- a/man/man3/ctime.3
+++ b/man/man3/ctime.3
@@ -177,6 +177,9 @@ .SH DESCRIPTION
.BR mktime ()
should (use timezone information and system databases to)
attempt to determine whether DST is in effect at the specified time.
+See
+.BR timegm (3)
+for a UTC equivalent of this function.
.P
The
.BR mktime () |
alejandro-colomar
force-pushed
the
gd
branch
from
a271823 to
e43879f
Compare
ikerexxe
reviewed
Feb 25, 2025
Collaborator
ikerexxe
left a comment
ikerexxe
left a comment
There was a problem hiding this comment.
As we would say in Spain, this code makes the baby Jesus cry (and me too, for that matter). With this I want to say that I am unable to review this code, but if you tell me that your tests work I see with good eyes to press the merge button.
Collaborator
Author
Yep, tests looked good. (You forgot to actually press approve? I can't merge otherwise. Or you can merge.) Thanks! |
Collaborator
No, unfortunately I can't review this code 😓 |
Collaborator
Author
Ok, so we should leave it for @hallyn to review? |
Member
|
I'll take a look. |
hallyn
reviewed
Feb 28, 2025
There is exactly one caller of this function, and it wants a date, not a time. It is useless to be able to parse local dates, because we ultimately store a UTC date. To avoid confusion, unconditionally use UTC. Since this code had important bugs regarding offset, we can safely assume that no existing users rely on being able to use their local date (this never worked correctly). Also, the code parsing time zones is quite bad, for today's standards. Link: <shadow-maint#1202> Link: <shadow-maint#1209> Reported-by: Chris Hofstaedtler <[email protected]> Reported-by: Tim Parenti <[email protected]> Reported-by: Lee Garrett <[email protected]> Cc: Gus Kenion <https://github.com/kenion> Cc: Michael Vetter <[email protected]> Cc: Paul Eggert <[email protected]> Cc: Iker Pedrosa <[email protected]> Cc: "Serge E. Hallyn" <[email protected]> Cc: Brian Inglis <[email protected]> Signed-off-by: Alejandro Colomar <[email protected]>
alejandro-colomar
force-pushed
the
gd
branch
from
e43879f to
6bad604
Compare
hallyn
approved these changes
Mar 2, 2025
mhy-pexip
pushed a commit
to pexip/os-shadow
that referenced
this pull request
Apr 28, 2025
shadow (1:4.17.4-1) unstable; urgency=medium
.
* New upstream version 4.17.4
* Rebase patches
.
shadow (1:4.17.3-3) unstable; urgency=medium
.
* Accept /usr/sbin/nologin as an alternate to /sbin/nologin.
Thanks to Marc Haber
.
shadow (1:4.17.3-2) unstable; urgency=medium
.
* Do not warn about useradd --system with Debian-globally allocated uids
(Closes: #1100563)
* Refresh patches
.
shadow (1:4.17.3-1) unstable; urgency=medium
.
* New upstream version 4.17.3
* Refresh patches and include upstream patch for getdate.
Include shadow-maint/shadow#1214 to fix
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095430 in the
way upstream intends to fix it.
* Explicitly pass {s,}bindir to configure.
Avoids upstream hacks in configure.
.
shadow (1:4.17.2-6) unstable; urgency=medium
.
* d/rules: ensure lib/getdate.c gets rebuilt
* configure: always pick /usr/bin/passwd.
Thanks to Jochen Sprickerhof <[email protected]>
.
shadow (1:4.17.2-5) unstable; urgency=medium
.
* Warn about future --badname removal.
Upstream PR 1158 plans to remove this flag, probably in the forky
timeframe. Warn users now.
* Import upstream patch to fix chfn (#1096187)
* Add regression test for #1096187
* Add regression test for #1095430
* Remove "shadowconfig off"
If needed please run pwunconv, grpunconv manually, but please understand
you are on your own.
.
shadow (1:4.17.2-4) unstable; urgency=medium
.
* Revert upstreams chfn.c strsep change (Closes: #1096187)
.
shadow (1:4.17.2-3) unstable; urgency=medium
.
* Revert upstreams strtoday calculation "fix" (Closes: #1095430)
.
shadow (1:4.17.2-2) unstable; urgency=medium
.
* Upload to unstable.
* Apply upstream revert of "Use local time for human-readable dates"
(Closes: #1095430)
.
shadow (1:4.17.2-1) experimental; urgency=medium
.
* New upstream version 4.17.2
* Apply upstream patch from Marc Haber to document E_BAD_NAME
* Refresh patches
.
shadow (1:4.17.1-2) experimental; urgency=medium
.
* Rewrite shadowconfig(8) manpage.
Thanks to Alejandro Colomar <[email protected]>
* Remove unnecessary Build-Depends: quilt.
Thanks to Bastian Germann (Closes: #1092461)
.
shadow (1:4.17.1-1) experimental; urgency=medium
.
* New upstream version 4.17.1
.
shadow (1:4.17.0-1) experimental; urgency=medium
.
* New upstream version 4.17.0
* Refresh patches.
.
shadow (1:4.17.0~rc1-2) experimental; urgency=medium
.
* Remove Debian patch to relax username checks.
Per discussion on d-devel, with upstream, and with the
adduser maintainer.
Thanks: Marc Haber
.
shadow (1:4.17.0~rc1-1) experimental; urgency=medium
.
* New upstream version 4.17.0~rc1
* Add upstream patch for new return-code for bad usernames
* Refresh patches
* d/copyright: update
* Forbid purely numeric user/group names, and "." and ".."
.
shadow (1:4.16.0-7) unstable; urgency=medium
.
[ Florent 'Skia' Jacquet ]
* d/patches: fix 'upstream' test suite
.
shadow (1:4.16.0-6) unstable; urgency=medium
.
* Add NEWS entry about faillog (Closes: #1074320)
.
shadow (1:4.16.0-5) unstable; urgency=medium
.
[ Chris Hofstaedtler ]
* Always build with btrfs support on linux-any (Closes: #856557)
* debputy.manifest: merge path-metadata entries
* login.defs: remove info about write(1)
Which is not part of Debian trixie. (Closes: #1087519)
.
[ Pino Toscano ]
* Include <utmpx.h>, fixing the build on GNU/Hurd
.
shadow (1:4.16.0-4) unstable; urgency=medium
.
* Drop Debian-only cppw, cpgr tools (Closes: #750752)
* Stop patching login, not installed anymore
* Define LOGIN_NAME_MAX on HURD
* Remove libsystemd-dev Build-Depends.
Only necessary for login(1).
* Stop building programs we do not install
.
shadow (1:4.16.0-3) unstable; urgency=medium
.
* Upload to unstable.
* Fix FTBFS on hurd.
DEB_HOST_ARCH_OS was unset.
.
shadow (1:4.16.0-2) experimental; urgency=medium
.
* passwd: switch Depends from login to login.defs
login will again be installed on fewer systems, but existing installs
will retain it (it is Protected: yes).
* Drop login package, to allow takeover by util-linux.
Move shadow.mo to Package: passwd, have passwd Replaces: older login.
* login.defs: ship manpage
* Re-add workarounds for tests in tests/tests directory.
4.15.3 fixed this, but 4.16.0 happened earlier.
.
shadow (1:4.16.0-1) experimental; urgency=medium
.
* New upstream version 4.16.0
* Rebase patches
* Split /etc/login.defs into its own binary package (Closes: #1074394)
* Rename libsubid4 to libsubid5 (soname bump)
* d/watch: add versionmangle for -rc
.
shadow (1:4.15.3-3) unstable; urgency=medium
.
* Forbid backslashes in user/group-names.
They can still be used with --force-badname, but it's a start. In the
long run I want to remove our relax patch, and upstream should fix the
line continuation too. For #1076619.
.
shadow (1:4.15.3-2) unstable; urgency=medium
.
[ Pino Toscano ]
* d/rules: actually enable Linux-only options on Linux
This enables --enable-logind and --with-audit.
.
[ Chris Hofstaedtler ]
* Stop installing groupmems(8) (Closes: #1004472, LP: #2039541)
* login.defs: remove obsolete/confusing comments
* login.defs: resync comments with upstream
* login.defs: remove incomplete list of unused vars
* login.defs: remove obscure, defaulted vars
* login.defs: remove vars ignored by su(1)
* login.defs: remove CONSOLE_GROUPS, ignored with PAM
* login.defs: remove CONSOLE, ignored with PAM
.
shadow (1:4.15.3-1) unstable; urgency=medium
.
* New upstream version 4.15.3
* tests: follow upstream subdir fix
* Fix setup of test libsubid-04_nss
* Drop login.postinst, obsoleted by #1074121
* Bump Standards-Version to 4.7.0
.
shadow (1:4.15.2-3) unstable; urgency=medium
.
* d/watch: add versionmangle for -rc
* Revert "Use upstream's restrictions on user- and group names again".
Breaks adduser's tests, see #1074306.
.
shadow (1:4.15.2-2) unstable; urgency=medium
.
* useradd(8): Fix missing paragraph on username length
* d/rules: explicitly set --with-audit and --enable-subordinate-ids
* Remove faillog support.
Stop installing faillog binary and man pages. Stop creating
/var/log/faillog in login.postinst.
PAM has removed support for /var/log/faillog by dropping pam_tally, and
login itself cannot write to it either.
* Use upstream's restrictions on user- and group names again.
Upstream started supporting mixed-case names some time ago.
Purely numeric names (#79682) are now forbidden again, as there is no
way of distinguishing them from user/group IDs otherwise.
* Drop useradd's backwards-compatibility -O flag
* Remove our copy of HOME_MODE.xml, identical upstream
* shadowconfig.8: actually install again
* passwd: add Depends: login.
Stop-gap until passwd can takeover /etc/login.defs from login.
.
shadow (1:4.15.2-1) unstable; urgency=medium
.
* New upstream version 4.15.2
Includes fix for csrand_uniform().
.
shadow (1:4.15.1-1) unstable; urgency=medium
.
* New upstream version 4.15.1
Closes: #832047, #812127, #1034312, #856902, #791806
Closes: #1006216, #1006225, #1006208
* contrib/atudel, non-DFSG-compliant was removed upstream
* Remove obsolete configure flag --without-libcrack
* Use functions from libbsd (Closes: #1032393)
* Build-Depend: libltdl-dev for LT_LIB_DLLOAD
(Closes: #1065350)
* Build-Depend: pkgconf
* Drop upstream applied patches
* Disable FTMP_FILE by default, drop login failure logging
* Rebase patch 401_cppw_src.dpatch
* Rename patch 402_cppw_selinux
* Use upstream FAILLOG_ENAB code, incompatible with PAM
(Closes: #776314)
* Rebase patch 463_login_delay_obeys_to_PAM
* Rebase patch 501_commonio_group_shadow
* Rebase patch 502_debian_useradd_defaults
* Rebase patch 506_relaxed_usernames
* Rebase patch 542_useradd-O_option
* Update upstream signing keys
* Tag build with dh-package-notes
* Turn off --enable-lastlog, drop lastlog from not-installed
* Explicitly enable logind on linux-any
* Update default ENCRYPT_METHOD (Closes: #1043236)
* login: switch from Essential to Protected: yes (Closes: #960638)
Moves Pre-Depends to Depends.
* Enable acl, xattr support (Closes: #745796)
* login.defs: remove PAM-unsupported crypt settings (Closes: #1055582)
.
shadow (1:4.13+dfsg1-5) unstable; urgency=medium
.
* Add myself to Uploaders, per discussion with Serge Hallyn
* Apply wrap-and-sort -kas style
* Use debputy to avoid Rules-Requires-Root: binary-targets
* libsubid4: tighten package-internal dependencies
.
[ Serge Hallyn ]
* Drop pam_lastlog.so from config. (Closes: #1068229)
* Stop installing lastlog binary.
.
shadow (1:4.13+dfsg1-4) unstable; urgency=medium
.
[ Helmut Grohne ]
* DEP17: Move login and shadowconfig to /usr. (Closes: #1059915)
.
shadow (1:4.13+dfsg1-3) unstable; urgency=medium
.
* Team upload
* Remove myself from uploaders
.
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
.
[ Balint Reczey ]
* debian/gitlab-ci.yml: Use sudo to fix reprotest test
* debian/login.pam: Drop reference to Debian Etch (Closes: #1040064)
* debian/NEWS: Fix false claim about PREVENT_NO_AUTH affecting authentication.
Also drop setting PREVENT_NO_AUTH in shipped login.defs. (Closes: #1041547)
* Cherry-pick upstream patch to fix gpasswd passwd leak
(CVE-2023-4641) (Closes: #1051062)
* Cherry-pick upstream patch to fix chfn vulnerability allowing injection of
control characters into some /etc/passwd fields.
(CVE-2023-29383) (Closes: #1034482)
.
[ Gioele Barabucci ]
* Support <nodoc> build profile
`xsltproc`, `docbook` and all other XML-related packages are not needed
when the `<nodoc>` build profile is active, as long as `./configure` is
called with `--disable-man`. (Closes: #1051827)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is exactly one caller of this function, and it wants a date, not a time. It is useless to be able to parse local dates, because we ultimately store a UTC date. To avoid confusion, unconditionally use UTC. Since this code had important bugs regarding offset, we can safely assume that no existing users rely on being able to use their local date (this never worked correctly).
Also, the code parsing time zones was quite bad.
Link: #1202
Link: #1209
Reported-by: @zeha
Reported-by: @timparenti
Reported-by: @leegarrett
Cc: @kenion
Cc: @jubalh
Cc: @eggert
Cc: @ikerexxe
Cc: @hallyn
Cc: @BrianInglis
Revisions:
v2
v2b
v2c
v2d
v3
v4
v4b