VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup for current upstream SVN version.

Browse Source
This commit is contained in:
nekral-guest
2009-03-14 17:46:26 +00:00
parent 66c00bd2be
commit 43515a0924
11 changed files with 64 additions and 496 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
debian/changelog vendored
View File

@@ -1,7 +1,8 @@
shadow (1:4.1.3-1) experimental; urgency=low
shadow (1:4.1.3-1) unstable; urgency=low
* The "" release.
* New upstream release:
- Fix possible login DOS. Closes: #505071
- Remove patches applied upstream (4.1.2):
+ debian/patches/434_login_stop_checking_args_after--
+ debian/patches/491_configure.in_friendly_selinux_detection
@@ -14,17 +15,15 @@ shadow (1:4.1.3-1) experimental; urgency=low
+ debian/patches/200_Czech_binary_translation
+ debian/patches/302_remove_non_translated_polish_manpages
+ debian/patches/494_passwd_lock-no_account_lock
+ debian/patches/200_Czech_binary_translation
+ debian/patches/494_passwd_lock-no_account_lock
- Updated patches:
+ debian/patches/431_su_uid_0_not_root
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/579_chowntty_debug
+ debian/patches/200_Czech_binary_translation
+ debian/patches/494_passwd_lock-no_account_lock
+ debian/patches/008_su_get_PAM_username
+ debian/patches/302_vim_selinux_support
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/507_32char_grnames.dpatch
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/506_relaxed_usernames
@@ -35,9 +34,9 @@ shadow (1:4.1.3-1) experimental; urgency=low
defined, the mailbox is not in MAIL_SPOOL_DIR.
* debian/patches/506_relaxed_usernames: Use an extra paragraph for the note
on username with a '/'.
* debian/patches/504_undef_USE_PAM.dpatch:
- USE_PAM needs to be undef after inclusion of "defines.h".
- Added note about current upstream status
* debian/patches/504_undef_USE_PAM.nolibpam,
debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed.
Replaced by the --disable-account-tools-setuid configure option.
* debian/control: changed the "Replaces" on manpages-zh to a versioned
one on 1.5.1-1
* debian/control: drop all Replaces on manpages-* when the version is
@@ -49,8 +48,13 @@ shadow (1:4.1.3-1) experimental; urgency=low
Added patches, only intended to be used in the testsuite.
* debian/securetty.linux: Added ttyPZ0, ttyPZ1, ttyPZ2, ttyPZ3 for PowerMac
machines. Closes: #511739
* debian/patches/579_chowntty_debug: Removed. With the fix for 505071 and
505271, this additional debug information is no more needed.
* debian/patches/507_32char_grnames.dpatch: Patch removed. Replaced by the
--with-group-name-max-length=32 configure option.
* debian/patches/592_manpages_typos: No more needed.
-- Christian Perrier <bubulle@debian.org> Mon, 07 Apr 2008 23:00:26 +0200
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sat, 14 Mar 2009 18:44:29 +0100
shadow (1:4.1.1-4) unstable; urgency=low

6
debian/patches/008_login_log_failure_in_FTMP vendored
View File

@@ -11,7 +11,7 @@ Index: shadow-4.1.0/src/login.c
@@ -722,6 +722,29 @@
#endif /* WITH_AUDIT */
fprintf (stderr, "\nLogin incorrect\n");
fprintf (stderr, "\nLogin incorrect\n");
+ if (getdef_str("FTMP_FILE") != NULL) {
+#if HAVE_UTMPX_H
+ failent = utxent;
@@ -36,8 +36,8 @@ Index: shadow-4.1.0/src/login.c
+ failtmp(&failent);
+ }
/* Let's give it another go around */
pam_set_item(pamh,PAM_USER,NULL);
/*
* Let's give it another go around.
Index: shadow-4.1.0/lib/getdef.c
===================================================================
--- shadow-4.1.0.orig/lib/getdef.c

34
debian/patches/429_login_FAILLOG_ENAB vendored
View File

@@ -24,18 +24,18 @@ Index: shadow-4.1.0/src/login.c
static void check_nologin (void);
#endif
@@ -673,6 +673,8 @@
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
failcount, fromhost, failent_user));
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
failcount);
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
failcount, fromhost, failent_user));
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
failcount);
@@ -690,6 +692,13 @@
pam_strerror (pamh, retcode)));
failed = 1;
}
pam_strerror (pamh, retcode)));
failed = true;
}
+ if (pwd && getdef_bool("FAILLOG_ENAB") &&
+ ! failcheck (pwent.pw_uid, &faillog, failed)) {
+ SYSLOG((LOG_CRIT,
@@ -44,14 +44,14 @@ Index: shadow-4.1.0/src/login.c
+ failed = 1;
+ }
if (!failed)
break;
@@ -722,6 +731,8 @@
if (!failed) {
break;
@@ -766,6 +731,8 @@
#endif /* WITH_AUDIT */
fprintf (stderr, "\nLogin incorrect\n");
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
fprintf (stderr, "\nLogin incorrect\n");
+ if (pwd && getdef_bool("FAILLOG_ENAB"))
+ failure (pwent.pw_uid, tty, &faillog);
if (getdef_str("FTMP_FILE") != NULL) {
#if HAVE_UTMPX_H
failent = utxent;

59
debian/patches/463_login_delay_obeys_to_PAM vendored
View File

@@ -12,13 +12,13 @@ Index: shadow-4.1.0/src/login.c
--- shadow-4.1.0.orig/src/login.c
+++ shadow-4.1.0/src/login.c
@@ -331,7 +331,6 @@
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
int reason = PW_LOGIN;
- int delay;
int retries;
int failed;
int flag;
bool failed;
bool subroot = false;
@@ -354,6 +353,7 @@
char *pam_user;
char **ptr_pam_user = &pam_user;
@@ -28,43 +28,44 @@ Index: shadow-4.1.0/src/login.c
#endif
/*
@@ -578,7 +578,6 @@
alarm (timeout);
}
environ = newenvp; /* make new environment active */
- delay = getdef_num ("FAIL_DELAY", 1);
retries = getdef_num ("LOGIN_RETRIES", RETRIES);
environ = newenvp; /* make new environment active */
- delay = getdef_num ("FAIL_DELAY", 1);
retries = getdef_num ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
@@ -594,17 +593,12 @@
/*
* hostname & tty are either set to NULL or their correct values,
- * depending on how much we know. We also set PAM's fail delay to
- * ours.
+ * depending on how much we know.
*/
retcode = pam_set_item (pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
/*
* hostname & tty are either set to NULL or their correct values,
- * depending on how much we know. We also set PAM's fail delay to
- * ours.
+ * depending on how much we know.
*/
retcode = pam_set_item (pamh, PAM_RHOST, hostname);
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
-#ifdef HAS_PAM_FAIL_DELAY
- retcode = pam_fail_delay (pamh, 1000000 * delay);
- PAM_FAIL_CHECK;
- retcode = pam_fail_delay (pamh, 1000000 * delay);
- PAM_FAIL_CHECK;
-#endif
/* if fflg, then the user has already been authenticated */
if (!fflg || (getuid () != 0)) {
int failcount = 0;
@@ -645,11 +639,6 @@
failed = 0;
/* if fflg, then the user has already been authenticated */
if (!fflg || (getuid () != 0)) {
int failcount = 0;
@@ -645,12 +639,6 @@
failed = false;
failcount++;
failcount++;
-#ifdef HAS_PAM_FAIL_DELAY
- if (delay > 0) {
- retcode = pam_fail_delay(pamh, 1000000*delay);
- }
- if (delay > 0) {
- retcode = pam_fail_delay(pamh, 1000000*delay);
- PAM_FAIL_CHECK;
- }
-#endif
retcode = pam_authenticate (pamh, 0);
retcode = pam_authenticate (pamh, 0);
@@ -956,14 +948,17 @@
pw_auth ("!", username, reason, (char *) 0);

206
debian/patches/504_undef_USE_PAM.dpatch vendored
View File

@@ -1,206 +0,0 @@
Goal: Do not use PAM for chage, chpasswd, groupadd, groupdel, groupmod
newusers, useradd, userdel, usermod, chgpasswd (keep them low-level)
Fixes: #283961, #162181, #162199, #162228, #369806.
Status wrt upstream: A configure option was added. To be tested with 4.1.3.
Index: shadow-4.1.2/src/chage.c
===================================================================
--- shadow-4.1.2.orig/src/chage.c 2008-06-13 23:23:11.000000000 +0200
+++ shadow-4.1.2/src/chage.c 2008-06-16 02:29:28.463262026 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: chage.c 2162 2008-06-13 21:23:09Z nekral-guest $"
@@ -53,6 +54,7 @@
#include "exitcodes.h"
#include "prototypes.h"
#include "defines.h"
+#undef USE_PAM
#include "pwio.h"
#include "shadowio.h"
/*
Index: shadow-4.1.2/src/chpasswd.c
===================================================================
--- shadow-4.1.2.orig/src/chpasswd.c 2008-06-13 20:11:10.000000000 +0200
+++ shadow-4.1.2/src/chpasswd.c 2008-06-16 02:30:16.079421379 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: chpasswd.c 2130 2008-06-13 18:11:09Z nekral-guest $"
@@ -43,6 +44,7 @@
#include "pam_defs.h"
#endif /* USE_PAM */
#include "defines.h"
+#undef USE_PAM
#include "exitcodes.h"
#include "nscd.h"
#include "prototypes.h"
Index: shadow-4.1.2/src/groupadd.c
===================================================================
--- shadow-4.1.2.orig/src/groupadd.c 2008-06-13 23:19:12.000000000 +0200
+++ shadow-4.1.2/src/groupadd.c 2008-06-16 02:30:41.299262034 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: groupadd.c 2161 2008-06-13 21:19:07Z nekral-guest $"
@@ -47,6 +48,7 @@
#endif /* USE_PAM */
#include "chkname.h"
#include "defines.h"
+#undef USE_PAM
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
Index: shadow-4.1.2/src/groupdel.c
===================================================================
--- shadow-4.1.2.orig/src/groupdel.c 2008-06-13 22:59:07.000000000 +0200
+++ shadow-4.1.2/src/groupdel.c 2008-06-16 02:30:49.651262093 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: groupdel.c 2154 2008-06-13 20:59:04Z nekral-guest $"
@@ -44,6 +45,7 @@
#include <stdio.h>
#include <sys/types.h>
#include "defines.h"
+#undef USE_PAM
#include "groupio.h"
#include "nscd.h"
#include "prototypes.h"
Index: shadow-4.1.2/src/groupmod.c
===================================================================
--- shadow-4.1.2.orig/src/groupmod.c 2008-06-13 23:08:07.000000000 +0200
+++ shadow-4.1.2/src/groupmod.c 2008-06-16 02:30:58.227367347 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: groupmod.c 2158 2008-06-13 21:08:06Z nekral-guest $"
@@ -46,6 +47,7 @@
#endif /* USE_PAM */
#include "chkname.h"
#include "defines.h"
+#undef USE_PAM
#include "groupio.h"
#include "pwio.h"
#include "nscd.h"
Index: shadow-4.1.2/src/newusers.c
===================================================================
--- shadow-4.1.2.orig/src/newusers.c 2008-06-13 22:56:45.000000000 +0200
+++ shadow-4.1.2/src/newusers.c 2008-06-16 02:31:41.669480684 +0200
@@ -39,6 +39,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: newusers.c 2152 2008-06-13 20:56:44Z nekral-guest $"
@@ -55,6 +56,7 @@
#endif /* USE_PAM */
#include "prototypes.h"
#include "defines.h"
+#undef USE_PAM
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
Index: shadow-4.1.2/src/useradd.c
===================================================================
--- shadow-4.1.2.orig/src/useradd.c 2008-06-16 01:33:59.000000000 +0200
+++ shadow-4.1.2/src/useradd.c 2008-06-16 02:31:09.347908114 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: useradd.c 2189 2008-06-15 22:25:51Z nekral-guest $"
@@ -51,6 +52,7 @@
#include <time.h>
#include "chkname.h"
#include "defines.h"
+#undef USE_PAM
#include "faillog.h"
#include "getdef.h"
#include "groupio.h"
Index: shadow-4.1.2/src/userdel.c
===================================================================
--- shadow-4.1.2.orig/src/userdel.c 2008-06-13 22:23:28.000000000 +0200
+++ shadow-4.1.2/src/userdel.c 2008-06-16 02:31:15.268028621 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: userdel.c 2147 2008-06-13 20:23:26Z nekral-guest $"
@@ -47,6 +48,7 @@
#include "pam_defs.h"
#endif /* USE_PAM */
#include "defines.h"
+#undef USE_PAM
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
Index: shadow-4.1.2/src/usermod.c
===================================================================
--- shadow-4.1.2.orig/src/usermod.c 2008-06-16 01:52:28.000000000 +0200
+++ shadow-4.1.2/src/usermod.c 2008-06-16 02:31:21.364381584 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: usermod.c 2151 2008-06-13 20:40:04Z nekral-guest $"
@@ -50,6 +51,7 @@
#include <time.h>
#include "chkname.h"
#include "defines.h"
+#undef USE_PAM
#include "faillog.h"
#include "getdef.h"
#include "groupio.h"
Index: shadow-4.1.2/src/chgpasswd.c
===================================================================
--- shadow-4.1.2.orig/src/chgpasswd.c 2008-06-13 20:11:10.000000000 +0200
+++ shadow-4.1.2/src/chgpasswd.c 2008-06-16 02:31:48.547282333 +0200
@@ -31,6 +31,7 @@
*/
#include <config.h>
+#undef USE_PAM
#ident "$Id: chgpasswd.c 2130 2008-06-13 18:11:09Z nekral-guest $"
@@ -43,6 +44,7 @@
#include "pam_defs.h"
#endif /* USE_PAM */
#include "defines.h"
+#undef USE_PAM
#include "nscd.h"
#include "prototypes.h"
#include "groupio.h"

60
debian/patches/504_undef_USE_PAM.nolibpam vendored
View File

@@ -1,60 +0,0 @@
Status wrt upstream: A configure option was added. To be tested with
4.1.3.
Index: shadow-4.1.0/src/Makefile.am
===================================================================
--- shadow-4.1.0.orig/src/Makefile.am
+++ shadow-4.1.0/src/Makefile.am
@@ -55,17 +55,17 @@
$(top_builddir)/lib/libshadow.la
AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
-chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
+chage_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
+chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
-chgpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+chgpasswd_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCRYPT)
-chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
+chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+chpasswd_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCRYPT)
cppw_LDADD = $(LDADD) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
-groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
+groupadd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
+groupdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
-groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
+groupmod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
@@ -74,7 +74,7 @@
login_nopam.c
-login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
+login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
-newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT)
+newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT)
-newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+newusers_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCRYPT)
nologin_LDADD =
-passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX)
pwck_LDADD = $(LDADD) $(LIBSELINUX)
@@ -84,10 +84,10 @@
su.c \
suauth.c
-su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
+su_LDADD = $(LDADD) $(LIBPAM)
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
-useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
+useradd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
+userdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
+usermod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
vipw_LDADD = $(LDADD) $(LIBSELINUX)
install-am: all-am

65
debian/patches/507_32char_grnames.dpatch vendored
View File

@@ -1,65 +0,0 @@
#! /bin/sh -e
## 407_32char_grnames_240456.dpatch by xrgtn
##
## All lines beginning with `## DP:' are a description of the patch.
##
## DP: The patch allows 32 character long group names instead of only 16
## DP: characters.
## DP:
## DP: Comments from Karl Ramm (shadow 1:4.0.3-23, 28 Mar 2004 19:46:34 -0500):
## DP:
## DP: increase maximum group name size to 32 for no particularly good reason
## DP: closes: #240456
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
Index: shadow-4.1.0/libmisc/chkname.c
===================================================================
--- shadow-4.1.0.orig/libmisc/chkname.c
+++ shadow-4.1.0/libmisc/chkname.c
@@ -70,10 +70,10 @@
bool is_valid_group_name (const char *name)
{
/*
- * Arbitrary limit for group names - max 16
- * characters (same as on HP-UX 10).
+ * Arbitrary limit for group names - max 32
+ * same as linux UT_NAMESIZE
*/
- if (strlen (name) > 16) {
+ if (strlen (name) > 32) {
return false;
}
return good_name (name);
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml
+++ shadow-4.1.1/man/groupadd.8.xml
@@ -175,7 +175,7 @@
may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
</para>
<para>
- Groupnames may only be up to 16 characters long.
+ Groupnames may only be up to 32 characters long.
</para>
<para>
You may not add a NIS or LDAP group. This must be performed on the

62
debian/patches/579_chowntty_debug vendored
View File

@@ -1,62 +0,0 @@
Goal: Provide more info when chown_tty() phase of login fails (see #332198).
Related: #332198 (helps to debug)
Status wrt upstream: Not forwarded (dunno if there's any point in this).
This patch increases verbosity of is_my_tty() routine which is called
from chown_tty() which in turn is part of login sequence. Submitter of
the bug #332198 sometimes gets telnet session refused, but message in
syslog is not at all helpful:
> ... login[453]: unable to determine TTY name, got /dev/pts/1
and in fact it's misleading, because tty name is detected OK, it's
is_my_tty() which is failing for a reason yet unknown (I suspect
corruption of utmp file).
Index: shadow-4.1.0/libmisc/chowntty.c
===================================================================
--- shadow-4.1.0.orig/libmisc/chowntty.c
+++ shadow-4.1.0/libmisc/chowntty.c
@@ -40,6 +40,7 @@
#include "defines.h"
#include <pwd.h>
#include "getdef.h"
+#include <sys/sysmacros.h>
/*
* is_my_tty -- determine if "tty" is the same as TTY stdin is using
*/
@@ -47,13 +48,31 @@
{
struct stat by_name, by_fd;
- if ((stat (tty, &by_name) != 0) || (fstat (0, &by_fd) != 0)) {
+ if (stat (tty, &by_name) != 0) {
+ /* Can use neither strerror() nor "%m" sequence -- first
+ * is locale-dependent (while SYSLOG isn't) and for second
+ * the SYSLOG macro isn't errno-transparent. --xrgtn */
+ int e = errno;
+ SYSLOG ((LOG_WARN, "can't stat(`%s'): errno %i\n", tty, e));
return false;
}
- if (by_name.st_rdev != by_fd.st_rdev) {
+ if (fstat (0, &by_fd) != 0) {
+ int e = errno;
+ SYSLOG ((LOG_WARN, "can't fstat(stdin): errno %i\n", e));
return false;
- } else {
+ }
+
+ if (by_name.st_rdev != by_fd.st_rdev) {
+ SYSLOG ((LOG_WARN,
+ "`%s'.st_rdev(%u,%u) != stdin.st_rdev(%u,%u)\n",
+ tty,
+ /* XXX: dev_t is 64bit, gnu_dev_mXXor are used
+ * which are GNU extn */
+ major(by_name.st_rdev), minor(by_name.st_rdev),
+ major(by_fd.st_rdev), minor(by_fd.st_rdev)));
+ return false;
+ } else {
return true;
}
}

36
debian/patches/592_manpages_typos vendored
View File

@@ -1,36 +0,0 @@
Goal: fix some typos in the XML manpages.
Fixes: #352135, 369806
Status wrt upstream: Debian specific.
It is probably a bug of docbook-xsl 1.68.1-0.1
Index: shadow-4.1.0/man/passwd.1.xml
===================================================================
--- shadow-4.1.0.orig/man/passwd.1.xml
+++ shadow-4.1.0/man/passwd.1.xml
@@ -97,8 +97,8 @@
<title>Hints for user passwords</title>
<para>
The security of a password depends upon the strength of the
- encryption algorithm and the size of the key space. The
- <emphasis>UNIX</emphasis> System encryption method is based on the
+ encryption algorithm and the size of the key space.
+ The <emphasis>UNIX</emphasis> System encryption method is based on the
NBS DES algorithm and is very secure. The size of the key space
depends upon the randomness of the password which is selected.
</para>
Index: shadow-4.1.0/man/useradd.8.xml
===================================================================
--- shadow-4.1.0.orig/man/useradd.8.xml
+++ shadow-4.1.0/man/useradd.8.xml
@@ -46,7 +46,7 @@
<title>DESCRIPTION</title>
<para>
When invoked without the <option>-D</option> option, the
- <command>useradd</command> command creates a new user account using
+ <command>useradd</command> command creates a new user account using
the values specified on the command line plus the default values from
the system. Depending on command line options, the
<command>useradd</command> command

8
debian/patches/series vendored
View File

@@ -10,24 +10,16 @@
008_login_log_failure_in_FTMP
429_login_FAILLOG_ENAB
401_cppw_src.dpatch
504_undef_USE_PAM.dpatch
504_undef_USE_PAM.nolibpam
506_relaxed_usernames
507_32char_grnames.dpatch
542_useradd-O_option
501_commonio_group_shadow
463_login_delay_obeys_to_PAM
523_su_arguments_are_concatenated
523_su_arguments_are_no_more_concatenated_by_default
579_chowntty_debug
483_su_fakelogin_wrong_arg0
592_manpages_typos
403_fix_PATH-MAX_hurd
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
415_login_put-echoctl-back
302_vim_selinux_support
200_Czech_binary_translation
494_passwd_lock-no_account_lock
302_remove_non_translated_polish_manpages
402_cppw_selinux

2
debian/rules vendored
View File

@@ -23,7 +23,7 @@ DEB_AUTO_UPDATE_AUTOCONF = 1.9
DEB_AUTO_UPDATE_AUTOMAKE = 1.9
# Adds extra options when calling the configure script:
DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --without-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man
DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --without-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man --disable-account-tools-setuid --with-group-name-max-length=32
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
endif