diff --git a/debian/patches/debian/Adapt-login.defs-for-Debian.patch b/debian/patches/debian/Adapt-login.defs-for-Debian.patch index 983b60f5..111d39de 100644 --- a/debian/patches/debian/Adapt-login.defs-for-Debian.patch +++ b/debian/patches/debian/Adapt-login.defs-for-Debian.patch @@ -5,12 +5,13 @@ Subject: Adapt login.defs for Debian Remove settings only applicable to shadow's su, which we do not use. Remove settings only applicable without PAM support enabled. Remove obscure commented-out settings. +Remove explanation about write(1), which Debian does not ship anymore. --- - etc/login.defs | 372 ++++++++------------------------------------------------- - 1 file changed, 51 insertions(+), 321 deletions(-) + etc/login.defs | 375 ++++++++------------------------------------------------- + 1 file changed, 47 insertions(+), 328 deletions(-) diff --git a/etc/login.defs b/etc/login.defs -index 33622c2..f44f381 100644 +index 33622c2..91d3ec4 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -1,24 +1,38 @@ @@ -176,7 +177,7 @@ index 33622c2..f44f381 100644 # # If defined, file which inhibits all the usual chatter during the login # sequence. If a full pathname, then hushed mode will be enabled if the -@@ -139,27 +55,12 @@ MAIL_DIR /var/spool/mail +@@ -139,40 +55,21 @@ MAIL_DIR /var/spool/mail HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins @@ -205,22 +206,24 @@ index 33622c2..f44f381 100644 +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games # - # Terminal permissions -@@ -172,6 +73,13 @@ ENV_PATH PATH=/bin:/usr/bin - # and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and - # set TTYPERM to either 622 or 600. +-# Terminal permissions ++# Terminal permissions for terminals after login(1). ++# These settings are ignored for remote and other logins. # -+# In Debian, write(1) similar programs are setgid tty. -+# However, the default and recommended value for TTYPERM is still 0600 -+# to not allow anyone to write to anyone else console or terminal. -+# -+# Users can still allow other people to write them by issuing -+# the "mesg y" command. -+# - TTYGROUP tty + # TTYGROUP Login tty will be assigned this group ownership. + # TTYPERM Login tty will be set to this permission. + # +-# If you have a write(1) program which is "setgid" to a special group +-# which owns the terminals, define TTYGROUP as the number of such group +-# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and +-# set TTYPERM to either 622 or 600. +-# +-TTYGROUP tty ++#TTYGROUP tty TTYPERM 0600 -@@ -180,61 +88,35 @@ TTYPERM 0600 + # +@@ -180,61 +77,35 @@ TTYPERM 0600 # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). @@ -285,7 +288,7 @@ index 33622c2..f44f381 100644 # Extra per user uids SUB_UID_MIN 100000 SUB_UID_MAX 600100000 -@@ -246,8 +128,8 @@ SUB_UID_COUNT 65536 +@@ -246,8 +117,8 @@ SUB_UID_COUNT 65536 GID_MIN 1000 GID_MAX 60000 # System accounts @@ -296,7 +299,7 @@ index 33622c2..f44f381 100644 # Extra per user group ids SUB_GID_MIN 100000 SUB_GID_MAX 600100000 -@@ -255,6 +137,9 @@ SUB_GID_COUNT 65536 +@@ -255,6 +126,9 @@ SUB_GID_COUNT 65536 # # Max number of login(1) retries if password is bad @@ -306,7 +309,7 @@ index 33622c2..f44f381 100644 # LOGIN_RETRIES 5 -@@ -263,28 +148,6 @@ LOGIN_RETRIES 5 +@@ -263,28 +137,6 @@ LOGIN_RETRIES 5 # LOGIN_TIMEOUT 60 @@ -335,7 +338,7 @@ index 33622c2..f44f381 100644 # # Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work -@@ -294,29 +157,6 @@ CHFN_AUTH yes +@@ -294,29 +146,6 @@ CHFN_AUTH yes CHFN_RESTRICT rwh # @@ -365,7 +368,7 @@ index 33622c2..f44f381 100644 # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password -@@ -326,66 +166,10 @@ CHFN_RESTRICT rwh +@@ -326,66 +155,10 @@ CHFN_RESTRICT rwh # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations. # Overrides the MD5_CRYPT_ENAB option # @@ -434,7 +437,7 @@ index 33622c2..f44f381 100644 # # Should login be allowed if we can't cd to the home directory? -@@ -401,12 +185,6 @@ DEFAULT_HOME yes +@@ -401,12 +174,6 @@ DEFAULT_HOME yes # NONEXISTENT /nonexistent @@ -447,7 +450,7 @@ index 33622c2..f44f381 100644 # # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by -@@ -415,59 +193,11 @@ ENVIRON_FILE /etc/environment +@@ -415,59 +182,11 @@ ENVIRON_FILE /etc/environment #USERDEL_CMD /usr/sbin/userdel_local # diff --git a/debian/patches/upstream/lib-user_busy.c-Include-utmpx.h.patch b/debian/patches/upstream/lib-user_busy.c-Include-utmpx.h.patch index 24b6a905..d2309147 100644 --- a/debian/patches/upstream/lib-user_busy.c-Include-utmpx.h.patch +++ b/debian/patches/upstream/lib-user_busy.c-Include-utmpx.h.patch @@ -1,4 +1,3 @@ -From b2b37863a62af83deb21284ae156aa425bed0cb9 Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Tue, 10 Sep 2024 14:36:49 +0200 Subject: [PATCH] lib/user_busy.c: Include @@ -14,6 +13,8 @@ Signed-off-by: Pino Toscano lib/user_busy.c | 1 + 1 file changed, 1 insertion(+) +diff --git a/lib/user_busy.c b/lib/user_busy.c +index a622376..b559405 100644 --- a/lib/user_busy.c +++ b/lib/user_busy.c @@ -17,6 +17,7 @@