diff --git a/debian/patches/397_non_numerical_identifier b/debian/patches/397_non_numerical_identifier deleted file mode 100644 index d5e09200..00000000 --- a/debian/patches/397_non_numerical_identifier +++ /dev/null @@ -1,27 +0,0 @@ -Goal: allow non numerical group identifier to be specified with useradd's - and usermod's -g options - -Fixes: #381394, #381399, #381404, #381408, #381448 - -Status wrt upstream: Was applied in CVS for usermod - Will be fixed in 4.0.19 - -Index: shadow-4.0.18.1/src/useradd.c -=================================================================== ---- shadow-4.0.18.1.orig/src/useradd.c 2006-09-17 12:25:16.499523435 +0200 -+++ shadow-4.0.18.1/src/useradd.c 2006-09-17 12:25:28.379617865 +0200 -@@ -206,12 +206,8 @@ - char *errptr; - - gid = strtol (grname, &errptr, 10); -- if (*errptr || errno == ERANGE || gid < 0) { -- fprintf (stderr, -- _("%s: invalid numeric argument '%s'\n"), Prog, -- grname); -- exit (E_BAD_ARG); -- } -+ if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && gid >= 0) -+ return getgrgid (gid); - return getgrnam (grname); - } - diff --git a/debian/patches/405_su_no_pam_end_before_exec b/debian/patches/405_su_no_pam_end_before_exec deleted file mode 100644 index c6ec67c2..00000000 --- a/debian/patches/405_su_no_pam_end_before_exec +++ /dev/null @@ -1,29 +0,0 @@ -Goal: Avoid terminating the PAM library in the forked child. This is done - later in the parent after closing the PAM session. - -Note: OR'ing the status with PAM_DATA_SILENT should be sufficient, but it -is not supported by some modules, and the pam_end is not strictly needed -anyway. - -Fixes: #412061 - -Status wrt upstream: Will be fixed in 4.0.19. - -Index: shadow-4.0.18.1/src/su.c -=================================================================== ---- shadow-4.0.18.1.orig/src/su.c 2007-02-25 14:22:54.000000000 +0100 -+++ shadow-4.0.18.1/src/su.c 2007-02-25 14:29:01.000000000 +0100 -@@ -196,7 +196,12 @@ - - child = fork (); - if (child == 0) { /* child shell */ -- pam_end (pamh, PAM_SUCCESS); -+ /* -+ * PAM_DATA_SILENT is not supported by some modules, and -+ * there is no strong need to clean up the process space's -+ * memory since we will either call exec or exit. -+ pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT); -+ */ - - if (doshell) - (void) shell (shellstr, (char *) args[0], envp); diff --git a/debian/patches/409_man_generate_from_PO b/debian/patches/409_man_generate_from_PO deleted file mode 100644 index a6e97899..00000000 --- a/debian/patches/409_man_generate_from_PO +++ /dev/null @@ -1,249 +0,0 @@ -Goal: Build the translated man pages at build time. - -Note: Translators must list the manpages which are translated in the -man_MANS (and man_nopam) variables. - -Status wrt upstream: Will be fixed in 4.0.19. - -Index: shadow-4.0.18.2/man/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/Makefile.am 2007-10-28 17:50:38.000000000 +0100 -+++ shadow-4.0.18.2/man/Makefile.am 2007-10-28 17:50:40.000000000 +0100 -@@ -114,141 +114,20 @@ - - if ENABLE_REGENERATE_MAN - --chage.1: chage.1.xml -+%: %.xml - $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< - --chfn.1: chfn.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --chgpasswd.8: chgpasswd.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --chpasswd.8: chpasswd.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --chsh.1: chsh.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --expiry.1: expiry.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --faillog.5: faillog.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --faillog.8: faillog.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --gpasswd.1: gpasswd.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --groupadd.8: groupadd.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --groupdel.8: groupdel.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --groupmems.8: groupmems.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --groupmod.8: groupmod.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --groups.1: groups.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --grpck.8: grpck.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --gshadow.5: gshadow.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --id.1: id.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --lastlog.8: lastlog.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --limits.5: limits.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -+grpconv.8 grpunconv.8 pwunconv.8: pwconv.8 - --login.1: login.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -+getspnam.3: shadow.3 - --login.access.5: login.access.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -+vigr.8: vipw.8 - --login.defs.5: login.defs.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --logoutd.8: logoutd.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --newgrp.1: newgrp.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --newusers.8: newusers.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --nologin.8: nologin.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --passwd.1: passwd.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --passwd.5: passwd.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --porttime.5: porttime.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --pwck.8: pwck.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --grpconv.8 grpunconv.8 pwconv.8 pwunconv.8: pwconv.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --shadow.3 getspnam.3: shadow.3.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --shadow.5: shadow.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --sg.1: sg.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --su.1: su.1.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --sulogin.8: sulogin.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --suauth.5: suauth.5.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --useradd.8: useradd.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --userdel.8: userdel.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --usermod.8: usermod.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --vigr.8 vipw.8: vipw.8.xml -- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -- --CLEANFILES = $(man_MANS) $(ALL_TRANSLATED_XMLS) -+CLEANFILES = $(man_MANS) - - POFILES = $(foreach lang, $(LINGUAS), $(lang)/$(lang).po) --ALL_TRANSLATED_XMLS = $(foreach dir, $(LINGUAS), $(foreach xmlfile, $(man_XMANS), $(dir)/$(xmlfile))) -- --all: $(POFILES) $(ALL_TRANSLATED_XMLS) -- --gen-xmls: $(ALL_TRANSLATED_XMLS) - --$(ALL_TRANSLATED_XMLS): $(man_XMANS) -- xml2po -l $(strip $(subst /,, $(dir $@))) -p $(strip $(subst /,, $(dir $@)))/$(strip $(subst /,, $(dir $@))).po -o $@ $(notdir $@) -- sed -i 's:\(^:\1 lang="$(strip $(subst /,, $(dir $@)))">:' $@ -+all: $(POFILES) - - $(POFILES): shadow-man-pages.pot - -Index: shadow-4.0.18.2/man/de/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/de/Makefile.am 2007-10-28 17:50:37.000000000 +0100 -+++ shadow-4.0.18.2/man/de/Makefile.am 2007-10-28 17:50:40.000000000 +0100 -@@ -13,3 +13,6 @@ - vipw.8 - - EXTRA_DIST = $(man_MANS) -+ -+include ../generate_translations.mak -+ -Index: shadow-4.0.18.2/man/fr/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/fr/Makefile.am 2007-10-28 17:50:37.000000000 +0100 -+++ shadow-4.0.18.2/man/fr/Makefile.am 2007-10-28 17:50:40.000000000 +0100 -@@ -53,3 +53,6 @@ - EXTRA_DIST = \ - $(man_MANS) \ - $(man_nopam) -+ -+include ../generate_translations.mak -+ -Index: shadow-4.0.18.2/man/generate_translations.mak -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ shadow-4.0.18.2/man/generate_translations.mak 2007-10-28 17:50:40.000000000 +0100 -@@ -0,0 +1,20 @@ -+if ENABLE_REGENERATE_MAN -+ -+LANG=$(notdir $(CURDIR)) -+ -+%.xml: ../%.xml $(LANG).po -+ xml2po -l $(LANG) -p $(LANG).po -o $@ ../$@ -+ sed -i 's:\(^:\1 lang="$(LANG)">:' $@ -+ -+%: %.xml -+ $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< -+ -+grpconv.8 grpunconv.8 pwunconv.8: pwconv.8 -+ -+getspnam.3: shadow.3 -+ -+vigr.8: vipw.8 -+ -+CLEANFILES = .xml2po.mo $(man_MANS) $(addsuffix .xml,$(man_MANS)) -+ -+endif -Index: shadow-4.0.18.2/man/pl/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/pl/Makefile.am 2007-10-28 17:50:37.000000000 +0100 -+++ shadow-4.0.18.2/man/pl/Makefile.am 2007-10-28 17:50:40.000000000 +0100 -@@ -54,3 +54,6 @@ - id.1 \ - shadow.3 \ - sulogin.8 -+ -+include ../generate_translations.mak -+ -Index: shadow-4.0.18.2/man/ru/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/ru/Makefile.am 2007-10-28 17:50:37.000000000 +0100 -+++ shadow-4.0.18.2/man/ru/Makefile.am 2007-10-28 17:50:40.000000000 +0100 -@@ -58,3 +58,6 @@ - $(man_nopam) \ - id.1 \ - sulogin.8 -+ -+include ../generate_translations.mak -+ -Index: shadow-4.0.18.2/man/sv/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/sv/Makefile.am 2007-10-28 17:50:38.000000000 +0100 -+++ shadow-4.0.18.2/man/sv/Makefile.am 2007-10-28 17:50:40.000000000 +0100 -@@ -55,3 +55,6 @@ - EXTRA_DIST = \ - $(man_MANS) \ - $(man_nopam) -+ -+include ../generate_translations.mak -+ -Index: shadow-4.0.18.2/man/it/Makefile.am -=================================================================== ---- shadow-4.0.18.2.orig/man/it/Makefile.am 2007-10-28 17:51:43.000000000 +0100 -+++ shadow-4.0.18.2/man/it/Makefile.am 2007-10-28 17:52:06.000000000 +0100 -@@ -49,3 +49,5 @@ - $(man_nopam) \ - id.1 - -+include ../generate_translations.mak -+ diff --git a/debian/patches/410_newgrp_man_mention_sg b/debian/patches/410_newgrp_man_mention_sg deleted file mode 100644 index d98f7def..00000000 --- a/debian/patches/410_newgrp_man_mention_sg +++ /dev/null @@ -1,22 +0,0 @@ -Goal: Mention sg(1) in newgrp(1) - -Fixes: #396690 - -Note: - -Status wrt upstream: Will be fixed in 4.0.19. - -Index: shadow-4.0.18.1/man/newgrp.1.xml -=================================================================== ---- shadow-4.0.18.1.orig/man/newgrp.1.xml 2007-06-17 07:37:04.471806587 +0200 -+++ shadow-4.0.18.1/man/newgrp.1.xml 2007-06-17 07:37:32.970369504 +0200 -@@ -93,6 +93,9 @@ - su1 - , - -+ sg1 -+ , -+ - gpasswd1 - , - diff --git a/debian/patches/411_chpasswd_document_no_pam b/debian/patches/411_chpasswd_document_no_pam deleted file mode 100644 index 9c873028..00000000 --- a/debian/patches/411_chpasswd_document_no_pam +++ /dev/null @@ -1,26 +0,0 @@ -Goal: Document that chpasswd does not use PAM. -Fixes: #396726 - -Status wrt upstream: Will be fixed in 4.0.19. - -Note: Even when PAM support is activated in chpasswd, this patch is valid. The -PAM support is only for the authentication of the caller. - -Index: shadow-4.0.18.1/man/chpasswd.8.xml -=================================================================== ---- shadow-4.0.18.1.orig/man/chpasswd.8.xml 2007-06-19 11:43:16.000000000 +0100 -+++ shadow-4.0.18.1/man/chpasswd.8.xml 2007-06-19 11:47:10.000000000 +0100 -@@ -79,6 +79,13 @@ - Remember to set permissions or umask to prevent readability of - unencrypted files by other users. - -+ -+ chpasswd does not use PAM to update the passwords. -+ Thus, It only updates the passwords from the -+ /etc/passwd and /etc/shadow -+ databases, and does not support the various checks provided by PAM -+ modules. -+ - - - diff --git a/debian/patches/417_passwd_warndays b/debian/patches/417_passwd_warndays deleted file mode 100644 index 645285a6..00000000 --- a/debian/patches/417_passwd_warndays +++ /dev/null @@ -1,21 +0,0 @@ -Goal: Use "warndays as long option for "-w" and not "warning" - -Fixes: #445481 - -Status wrt upstream: Will be fixed in 4.0.19. - -Note: - -Index: shadow-4.0.18.1/src/passwd.c -=================================================================== ---- shadow-4.0.18.1.orig/src/passwd.c -+++ shadow-4.0.18.1/src/passwd.c -@@ -655,7 +655,7 @@ - {"repository", required_argument, NULL, 'r'}, - {"status", no_argument, NULL, 'S'}, - {"unlock", no_argument, NULL, 'u'}, -- {"warning", required_argument, NULL, 'w'}, -+ {"warndays", required_argument, NULL, 'w'}, - {"maxdays", required_argument, NULL, 'x'}, - {NULL, 0, NULL, '\0'} - }; diff --git a/debian/patches/468_duplicate_passwd_struct_before_usage b/debian/patches/468_duplicate_passwd_struct_before_usage deleted file mode 100644 index 6ed27a5d..00000000 --- a/debian/patches/468_duplicate_passwd_struct_before_usage +++ /dev/null @@ -1,62 +0,0 @@ -Goal: - The getpwnam man page specifies: - - The getpwnam() and getpwuid() functions return a pointer to a passwd - structure, or NULL if the matching entry is not found or an error - occurs. If an error occurs, errno is set appropriately. If one wants - to check errno after the call, it should be set to zero before the - call. - - The return value may point to static area, and may be overwritten by - subsequent calls to getpwent(), getpwnam(), or getpwuid(). - - There is no garranty that a PAM module will not use one of these - functions. (This is the case of pam_unix in PAM 0.76) - So the structure must be duplicated before being used (there are call - to PAM between the call to getpwnam and the usage of the passwd - structure). - - In the GNU libc, only a call to the same function (getpwent(), - getpwnam(), or getpwuid()) overrides the static area. - - This patch should fix this kind of issues for the GNU libc. However, - getpwuid is often called after the call to getpwnam in shaow. I did not - checked if there may be an issue for non-GNU libc. - -Fixes: #341230 - -Status wrt upstream: Fixed differently in 4.0.19. (all the getpwnam, ... - reviewed) - -Index: shadow-4.0.18.1/src/chfn.c -=================================================================== ---- shadow-4.0.18.1.orig/src/chfn.c 2006-05-07 19:44:39.000000000 +0200 -+++ shadow-4.0.18.1/src/chfn.c 2006-09-17 12:18:06.364103948 +0200 -@@ -334,6 +334,11 @@ - } - user = xstrdup (pw->pw_name); - } -+ pw = __pw_dup(pw); -+ if (!pw) { -+ fprintf (stderr, _("%s: out of memory\n"), Prog); -+ exit (E_NOPERM); -+ } - - #ifdef USE_NIS - /* -Index: shadow-4.0.18.1/src/chsh.c -=================================================================== ---- shadow-4.0.18.1.orig/src/chsh.c 2006-07-13 23:26:35.000000000 +0200 -+++ shadow-4.0.18.1/src/chsh.c 2006-09-17 12:18:06.368103980 +0200 -@@ -265,6 +265,11 @@ - } - user = xstrdup (pw->pw_name); - } -+ pw = __pw_dup(pw); -+ if (!pw) { -+ fprintf (stderr, _("%s: out of memory\n"), Prog); -+ exit (1); -+ } - - #ifdef USE_NIS - /* diff --git a/debian/patches/493_pwck_no_SHADOWPWD b/debian/patches/493_pwck_no_SHADOWPWD deleted file mode 100644 index 96eab0ff..00000000 --- a/debian/patches/493_pwck_no_SHADOWPWD +++ /dev/null @@ -1,26 +0,0 @@ -Goal: SHADOWPWD is now assumed (no more defined). - -Fixes: pwck do not detect missing users in /etc/shadow. - -Status wrt upstream: Will be fixed in 4.0.19. - -Index: shadow-4.0.18.1/src/pwck.c -=================================================================== ---- shadow-4.0.18.1.orig/src/pwck.c 2006-10-21 13:33:12.000000000 +0200 -+++ shadow-4.0.18.1/src/pwck.c 2006-10-21 13:36:29.000000000 +0200 -@@ -344,7 +344,6 @@ - pwd->pw_name, pwd->pw_shell); - errors++; - } --#ifdef SHADOWPWD - /* - * Make sure this entry exists in the /etc/gshadow file. - */ -@@ -397,7 +396,6 @@ - } - } - } --#endif - } - - if (!is_shadow) diff --git a/debian/patches/494_passwd_lock b/debian/patches/494_passwd_lock deleted file mode 100644 index a8cfdb12..00000000 --- a/debian/patches/494_passwd_lock +++ /dev/null @@ -1,47 +0,0 @@ -Status wrt upstream: Will be fixed in 4.0.19. - -Index: shadow-4.0.18.1/man/passwd.1.xml -=================================================================== ---- shadow-4.0.18.1.orig/man/passwd.1.xml 2007-06-21 02:04:59.531851133 +0200 -+++ shadow-4.0.18.1/man/passwd.1.xml 2007-06-21 02:28:19.460572933 +0200 -@@ -188,7 +188,8 @@ - - - Lock the named account. This option disables an account by changing -- the password to a value which matches no possible encrypted value. -+ the password to a value which matches no possible encrypted value, -+ and by setting the account expiry field to 1. - - - -@@ -249,7 +250,8 @@ - - Unlock the named account. This option re-enables an account by - changing the password back to its previous value (to value before -- using option). -+ using option), and by resetting the account -+ expiry field. - - - -Index: shadow-4.0.18.1/src/passwd.c -=================================================================== ---- shadow-4.0.18.1.orig/src/passwd.c 2007-06-21 02:05:36.029992809 +0200 -+++ shadow-4.0.18.1/src/passwd.c 2007-06-21 02:28:19.460572933 +0200 -@@ -531,6 +531,16 @@ - nsp->sp_inact = (inact * DAY) / SCALE; - if (do_update_age) - nsp->sp_lstchg = time ((time_t *) 0) / SCALE; -+ if (lflg) -+ { -+ /* Set the account expiry field to 1. -+ * Some PAM implementation consider zero as a non expired -+ * account. -+ */ -+ nsp->sp_expire = 1; -+ } -+ if (uflg) -+ nsp->sp_expire = -1; - - /* - * Force change on next login, like SunOS 4.x passwd -e or Solaris diff --git a/debian/patches/495_salt_stack_smash b/debian/patches/495_salt_stack_smash deleted file mode 100644 index 735fb53a..00000000 --- a/debian/patches/495_salt_stack_smash +++ /dev/null @@ -1,88 +0,0 @@ -Goal: Do not break chpasswd/chgpasswd if compiled with - SSP (the -fstack-protector option in gcc 4.1) by fixing an - overflow in the 'salt' array - -Fix: #377825 - -Author: Colin Watson - -Status wrt upstream: Will be fixed in 4.0.19 - This upstream section changed a lot. - -Index: shadow-4.0.18.1/libmisc/salt.c -=================================================================== ---- shadow-4.0.18.1.orig/libmisc/salt.c 2006-09-17 12:17:58.260039514 +0200 -+++ shadow-4.0.18.1/libmisc/salt.c 2006-09-17 12:18:13.948164248 +0200 -@@ -25,11 +25,13 @@ - { - struct timeval tv; - static char result[40]; -+ int max_salt_len = 8; - - result[0] = '\0'; - #ifndef USE_PAM - if (getdef_bool ("MD5_CRYPT_ENAB")) { - strcpy (result, "$1$"); /* magic for the new MD5 crypt() */ -+ max_salt_len += 3; - } - #endif - -@@ -40,8 +42,8 @@ - strcat (result, l64a (tv.tv_usec)); - strcat (result, l64a (tv.tv_sec + getpid () + clock ())); - -- if (strlen (result) > 3 + 8) /* magic+salt */ -- result[11] = '\0'; -+ if (strlen (result) > max_salt_len) -+ result[max_salt_len] = '\0'; - - return result; - } -Index: shadow-4.0.18.1/src/chgpasswd.c -=================================================================== ---- shadow-4.0.18.1.orig/src/chgpasswd.c 2006-09-17 12:17:58.260039514 +0200 -+++ shadow-4.0.18.1/src/chgpasswd.c 2006-09-17 12:18:13.952164280 +0200 -@@ -244,10 +244,16 @@ - newpwd = cp; - if (!eflg) { - if (md5flg) { -- char salt[12] = "$1$"; -+ char md5salt[12] = "$1$"; -+ char *salt = crypt_make_salt (); - -- strcat (salt, crypt_make_salt ()); -- cp = pw_encrypt (newpwd, salt); -+ if (strncmp (salt, "$1$", 3) == 0) { -+ strncat (md5salt, salt, 11); -+ } else { -+ strcat (md5salt, "$1$"); -+ strncat (md5salt, salt, 8); -+ } -+ cp = pw_encrypt (newpwd, md5salt); - } else - cp = pw_encrypt (newpwd, crypt_make_salt ()); - } -Index: shadow-4.0.18.1/src/chpasswd.c -=================================================================== ---- shadow-4.0.18.1.orig/src/chpasswd.c 2006-09-17 12:17:58.228039259 +0200 -+++ shadow-4.0.18.1/src/chpasswd.c 2006-09-17 12:18:13.972164439 +0200 -@@ -240,10 +240,16 @@ - newpwd = cp; - if (!eflg) { - if (md5flg) { -- char salt[12] = "$1$"; -+ char md5salt[12] = ""; -+ char *salt = crypt_make_salt (); - -- strcat (salt, crypt_make_salt ()); -- cp = pw_encrypt (newpwd, salt); -+ if (strncmp (salt, "$1$", 3) == 0) { -+ strncat (md5salt, salt, 11); -+ } else { -+ strcat (md5salt, "$1$"); -+ strncat (md5salt, salt, 8); -+ } -+ cp = pw_encrypt (newpwd, md5salt); - } else - cp = pw_encrypt (newpwd, crypt_make_salt ()); - } diff --git a/debian/patches/497_newgrp_primary_group b/debian/patches/497_newgrp_primary_group deleted file mode 100644 index 0fe8b929..00000000 --- a/debian/patches/497_newgrp_primary_group +++ /dev/null @@ -1,24 +0,0 @@ -Goal: Do not request a password when a user uses newgrp to switch to her - primary group. - -Fixes: #396691 - -Status wrt upstream: Will be fixed in 4.0.19 - -Index: shadow-4.0.18.1/src/newgrp.c -=================================================================== ---- shadow-4.0.18.1.orig/src/newgrp.c 2007-04-15 15:25:01.000000000 +0200 -+++ shadow-4.0.18.1/src/newgrp.c 2007-04-15 15:34:01.000000000 +0200 -@@ -357,6 +357,12 @@ - needspasswd = 1; - - /* -+ * If it's her primary group, do not request a password. -+ */ -+ if (grp->gr_gid == pwd->pw_gid) -+ needspasswd = 0; -+ -+ /* - * If she does not have either a shadowed password, or a regular - * password, and the group has a password, she needs to give the - * group password.