VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* debian/patches/*: Updated patches to the new quilt and shadow versions.

Browse Source
This commit is contained in:
nekral-guest
2009-05-21 15:30:36 +00:00
parent cb8f35691a
commit f121e979bb
18 changed files with 134 additions and 192 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
debian/changelog vendored
View File

@@ -12,8 +12,9 @@ shadow (1:4.1.4.1-1) unstable; urgency=low
+ debian/patches/506_relaxed_usernames
* debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
more used by chpasswd and newusers.
* debian/patches/*: Updated patches to the new quilt and shadow versions.
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Thu, 21 May 2009 17:18:02 +0200
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Thu, 21 May 2009 17:29:42 +0200
shadow (1:4.1.4-3) unstable; urgency=low

20
debian/patches/008_login_log_failure_in_FTMP vendored
View File

@@ -4,11 +4,9 @@ Notes:
* I'm not sure login should add an entry in the FTMP file when PAM is used.
(but nothing in /etc/login.defs indicates that the failure is not logged)
Index: shadow-4.1.0/src/login.c
===================================================================
--- shadow-4.1.0.orig/src/login.c
+++ shadow-4.1.0/src/login.c
@@ -722,6 +722,24 @@
--- a/src/login.c
+++ b/src/login.c
@@ -832,6 +832,24 @@
(void) puts ("");
(void) puts (_("Login incorrect"));
@@ -32,12 +30,10 @@ Index: shadow-4.1.0/src/login.c
+
if (failcount >= retries) {
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d)%s FOR '%s'",
Index: shadow-4.1.0/lib/getdef.c
===================================================================
--- shadow-4.1.0.orig/lib/getdef.c
+++ shadow-4.1.0/lib/getdef.c
@@ -58,6 +58,7 @@
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -62,6 +62,7 @@
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
{"FAKE_SHELL", NULL},
@@ -45,7 +41,7 @@ Index: shadow-4.1.0/lib/getdef.c
{"GID_MAX", NULL},
{"GID_MIN", NULL},
{"HUSHLOGIN_FILE", NULL},
@@ -93,7 +94,6 @@
@@ -103,7 +104,6 @@
{"ENVIRON_FILE", NULL},
{"ENV_TZ", NULL},
{"FAILLOG_ENAB", NULL},

10
debian/patches/008_su_get_PAM_username vendored
View File

@@ -18,11 +18,9 @@ PAM_USER description:
See also: https://www.redhat.com/archives/pam-list/2008-May/msg00009.html
Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
+++ shadow-4.1.0/src/su.c
@@ -309,6 +309,8 @@
--- a/src/su.c
+++ b/src/su.c
@@ -325,6 +325,8 @@
char **envp = environ;
char *shellstr = NULL;
char *command = NULL;
@@ -31,7 +29,7 @@ Index: shadow-4.1.0/src/su.c
#ifdef USE_PAM
char **envcp;
@@ -674,6 +676,14 @@
@@ -728,6 +730,14 @@
su_failure (tty);
}
}

12
debian/patches/008_su_no_sanitize_env vendored
View File

@@ -1,13 +1,11 @@
Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
+++ shadow-4.1.0/src/su.c
@@ -326,7 +326,7 @@
--- a/src/su.c
+++ b/src/su.c
@@ -342,7 +342,7 @@
#endif
#endif /* !USE_PAM */
- sanitize_env ();
+ /* sanitize_env (); */
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);

22
debian/patches/401_cppw_src.dpatch vendored
View File

@@ -5,10 +5,8 @@
## DP: Add cppw / cpgr
@DPATCH@
Index: shadow-4.1.0/src/cppw.c
===================================================================
--- /dev/null
+++ shadow-4.1.0/src/cppw.c
+++ b/src/cppw.c
@@ -0,0 +1,199 @@
+/*
+ cppw, cpgr copy with locking given file over the password or group file
@@ -209,10 +207,8 @@ Index: shadow-4.1.0/src/cppw.c
+
+ return 0;
+}
Index: shadow-4.1.0/src/Makefile.am
===================================================================
--- shadow-4.1.0.orig/src/Makefile.am
+++ shadow-4.1.0/src/Makefile.am
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -25,6 +25,7 @@
sbin_PROGRAMS = nologin
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
@@ -221,19 +217,17 @@ Index: shadow-4.1.0/src/Makefile.am
chgpasswd \
chpasswd \
groupadd \
@@ -59,6 +60,7 @@
@@ -75,6 +76,7 @@
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
Index: shadow-4.1.0/po/POTFILES.in
===================================================================
--- shadow-4.1.0.orig/po/POTFILES.in
+++ shadow-4.1.0/po/POTFILES.in
@@ -61,6 +61,7 @@
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -79,6 +79,7 @@
src/chgpasswd.c
src/chpasswd.c
src/chsh.c

10
debian/patches/402_cppw_selinux vendored
View File

@@ -9,10 +9,8 @@ Status wrt upstream: cppw is not available upstream.
Depends on 401_cppw_src.dpatch
Index: shadow-4.1.2/src/cppw.c
===================================================================
--- shadow-4.1.2.orig/src/cppw.c 2008-09-12 01:22:46.328002759 +0200
+++ shadow-4.1.2/src/cppw.c 2008-09-12 01:34:43.212006991 +0200
--- a/src/cppw.c
+++ b/src/cppw.c
@@ -34,6 +34,9 @@
#include <sys/types.h>
#include <signal.h>
@@ -23,7 +21,7 @@ Index: shadow-4.1.2/src/cppw.c
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
@@ -114,6 +117,22 @@
@@ -115,6 +118,22 @@
filenewname = filenew;
if (access(file, F_OK)) cppwexit(file, 1, 1);
@@ -46,7 +44,7 @@ Index: shadow-4.1.2/src/cppw.c
if (!file_lock()) cppwexit("Couldn't lock file", errno, 5);
filelocked = 1;
@@ -134,6 +153,15 @@
@@ -135,6 +154,15 @@
cppwexit(0,0,1);
}

18
debian/patches/428_grpck_add_prune_option vendored
View File

@@ -5,19 +5,17 @@ Fixes: #103385
Status wrt upstream: It could certainly be submitted to upstream.
Index: shadow-4.1.0/src/grpck.c
===================================================================
--- shadow-4.1.0.orig/src/grpck.c
+++ shadow-4.1.0/src/grpck.c
@@ -139,6 +139,7 @@
--- a/src/grpck.c
+++ b/src/grpck.c
@@ -79,6 +79,7 @@
/* Options */
static bool read_only = false;
static bool sort_mode = false;
+static bool prune = false;
/* local function prototypes */
static void usage (void);
@@ -163,7 +164,7 @@
static void fail_exit (int status);
@@ -178,7 +179,7 @@
/*
* Parse the command line arguments
*/
@@ -26,7 +24,7 @@ Index: shadow-4.1.0/src/grpck.c
switch (arg) {
case 'q':
/* quiet - ignored for now */
@@ -174,6 +175,9 @@
@@ -189,6 +190,9 @@
case 's':
sort_mode = true;
break;
@@ -36,7 +34,7 @@ Index: shadow-4.1.0/src/grpck.c
default:
usage ();
}
@@ -296,9 +300,14 @@
@@ -474,7 +478,12 @@
/*
* prompt the user to delete the entry or not
*/
@@ -50,5 +48,3 @@ Index: shadow-4.1.0/src/grpck.c
continue;
}
/*
* All group file deletions wind up here. This code

20
debian/patches/429_login_FAILLOG_ENAB vendored
View File

@@ -7,10 +7,8 @@ Fixes: #192849
Note: It could be removed if pam_tally could report the number of failures
preceding a successful login.
Index: shadow-4.1.3.1/src/login.c
===================================================================
--- shadow-4.1.3.1.orig/src/login.c 2009-05-04 19:38:24.668839562 +0200
+++ shadow-4.1.3.1/src/login.c 2009-05-04 19:50:43.360832944 +0200
--- a/src/login.c
+++ b/src/login.c
@@ -131,9 +131,9 @@
const char *host,
/*@null@*/const struct utmp *utent);
@@ -24,13 +22,13 @@ Index: shadow-4.1.3.1/src/login.c
#else
@@ -792,6 +792,9 @@
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d)%s FOR '%s'",
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
failcount, fromhost, failent_user));
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
+ failure (pwd->pw_uid, tty, &faillog);
+ }
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
_("Maximum number of tries exceeded (%u)\n"),
failcount);
@@ -809,6 +812,14 @@
pam_strerror (pamh, retcode)));
@@ -58,7 +56,7 @@ Index: shadow-4.1.3.1/src/login.c
if (getdef_str("FTMP_FILE") != NULL) {
#ifdef USE_UTMPX
struct utmpx *failent =
@@ -1281,6 +1296,7 @@
@@ -1282,6 +1297,7 @@
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
@@ -66,7 +64,7 @@ Index: shadow-4.1.3.1/src/login.c
if ( getdef_bool ("FAILLOG_ENAB")
&& (0 != faillog.fail_cnt)) {
failprint (&faillog);
@@ -1293,6 +1309,7 @@
@@ -1294,6 +1310,7 @@
username, (int) faillog.fail_cnt));
}
}
@@ -74,10 +72,8 @@ Index: shadow-4.1.3.1/src/login.c
if ( getdef_bool ("LASTLOG_ENAB")
&& (ll.ll_time != 0)) {
time_t ll_time = ll.ll_time;
Index: shadow-4.1.3.1/lib/getdef.c
===================================================================
--- shadow-4.1.3.1.orig/lib/getdef.c 2009-05-04 19:38:24.672844662 +0200
+++ shadow-4.1.3.1/lib/getdef.c 2009-05-04 19:50:14.720839237 +0200
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -61,6 +61,7 @@
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},

43
debian/patches/463_login_delay_obeys_to_PAM vendored
View File

@@ -7,11 +7,9 @@ Status wrt upstream: Forwarded but not applied yet
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
Index: shadow-4.1.0/src/login.c
===================================================================
--- shadow-4.1.0.orig/src/login.c
+++ shadow-4.1.0/src/login.c
@@ -331,7 +331,6 @@
--- a/src/login.c
+++ b/src/login.c
@@ -525,7 +525,6 @@
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
@@ -19,15 +17,15 @@ Index: shadow-4.1.0/src/login.c
unsigned int retries;
bool failed;
bool subroot = false;
@@ -354,6 +353,7 @@
char *pam_user;
char **ptr_pam_user = &pam_user;
@@ -546,6 +545,7 @@
pid_t child;
char *pam_user = NULL;
#else
+ unsigned int delay;
struct spwd *spwd = NULL;
#endif
/*
@@ -578,7 +578,6 @@
@@ -706,7 +706,6 @@
}
environ = newenvp; /* make new environment active */
@@ -35,7 +33,7 @@ Index: shadow-4.1.0/src/login.c
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
@@ -594,20 +593,15 @@
@@ -722,8 +721,7 @@
/*
* hostname & tty are either set to NULL or their correct values,
@@ -45,8 +43,7 @@ Index: shadow-4.1.0/src/login.c
*
* PAM_RHOST and PAM_TTY are used for authentication, only use
* information coming from login or from the caller (e.g. no utmp)
*/
retcode = pam_set_item (pamh, PAM_RHOST, hostname);
@@ -732,10 +730,6 @@
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
@@ -55,9 +52,9 @@ Index: shadow-4.1.0/src/login.c
- PAM_FAIL_CHECK;
-#endif
/* if fflg, then the user has already been authenticated */
if (!fflg || (getuid () != 0)) {
int failcount = 0;
@@ -645,12 +639,6 @@
if (!fflg) {
unsigned int failcount = 0;
@@ -776,12 +770,6 @@
failed = false;
failcount++;
@@ -70,7 +67,7 @@ Index: shadow-4.1.0/src/login.c
retcode = pam_authenticate (pamh, 0);
@@ -956,14 +948,17 @@
@@ -1100,14 +1088,17 @@
free (username);
username = NULL;
@@ -83,16 +80,14 @@ Index: shadow-4.1.0/src/login.c
+ delay = getdef_unum ("FAIL_DELAY", 1);
if (delay > 0) {
(void) sleep (delay);
}
}
+#endif
puts (_("Login incorrect"));
(void) puts (_("Login incorrect"));
Index: shadow-4.1.0/lib/getdef.c
===================================================================
--- shadow-4.1.0.orig/lib/getdef.c
+++ shadow-4.1.0/lib/getdef.c
@@ -56,7 +56,6 @@
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -60,7 +60,6 @@
{"ENV_PATH", NULL},
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
@@ -100,7 +95,7 @@ Index: shadow-4.1.0/lib/getdef.c
{"FAILLOG_ENAB", NULL},
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
@@ -94,6 +93,7 @@
@@ -104,6 +103,7 @@
{"ENV_HZ", NULL},
{"ENVIRON_FILE", NULL},
{"ENV_TZ", NULL},

8
debian/patches/483_su_fakelogin_wrong_arg0 vendored
View File

@@ -2,11 +2,9 @@ Goal: shell's name must be -su when a su fakes a login
Status wrt upstream: not reported yet
Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
+++ shadow-4.1.0/src/su.c
@@ -924,7 +924,7 @@
--- a/src/su.c
+++ b/src/su.c
@@ -1001,7 +1001,7 @@
* Use the shell and create an argv
* with the rest of the command line included.
*/

10
debian/patches/501_commonio_group_shadow vendored
View File

@@ -2,11 +2,9 @@ Goal: save the [g]shadow files with the 'shadow' group and mode 0440
Fixes: #166793
Index: shadow-4.1.0/lib/commonio.c
===================================================================
--- shadow-4.1.0.orig/lib/commonio.c
+++ shadow-4.1.0/lib/commonio.c
@@ -13,6 +13,7 @@
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -44,6 +44,7 @@
#include <errno.h>
#include <stdio.h>
#include <signal.h>
@@ -14,7 +12,7 @@ Index: shadow-4.1.0/lib/commonio.c
#include "nscd.h"
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
@@ -712,13 +713,20 @@
@@ -868,13 +869,20 @@
goto fail;
}
} else {

20
debian/patches/503_shadowconfig.8 vendored
View File

@@ -3,10 +3,8 @@ Goal: Document the shadowconfig utility
Status wrt upstream: The shadowconfig utility is debian specific.
Its man page also (but it used to be distributed)
Index: shadow-4.1.0/man/shadowconfig.8
===================================================================
--- /dev/null
+++ shadow-4.1.0/man/shadowconfig.8
+++ b/man/shadowconfig.8
@@ -0,0 +1,41 @@
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
@@ -49,10 +47,8 @@ Index: shadow-4.1.0/man/shadowconfig.8
+.PP
+Note that turning shadow passwords off and on again will lose all password aging information\&.
+
Index: shadow-4.1.0/man/shadowconfig.8.xml
===================================================================
--- /dev/null
+++ shadow-4.1.0/man/shadowconfig.8.xml
+++ b/man/shadowconfig.8.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
@@ -106,10 +102,8 @@ Index: shadow-4.1.0/man/shadowconfig.8.xml
+ </para>
+ </refsect1>
+</refentry>
Index: shadow-4.1.0/man/fr/shadowconfig.8
===================================================================
--- /dev/null
+++ shadow-4.1.0/man/fr/shadowconfig.8
+++ b/man/fr/shadowconfig.8
@@ -0,0 +1,26 @@
+.\" This file was generated with po4a. Translate the source file.
+.\"
@@ -137,10 +131,8 @@ Index: shadow-4.1.0/man/fr/shadowconfig.8
+.SH TRADUCTION
+Nicolas FRANÇOIS, 2004.
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
Index: shadow-4.1.0/man/ja/shadowconfig.8
===================================================================
--- /dev/null
+++ shadow-4.1.0/man/ja/shadowconfig.8
+++ b/man/ja/shadowconfig.8
@@ -0,0 +1,25 @@
+.\" all right reserved,
+.\" Translated Tue Oct 30 11:59:11 JST 2001
@@ -167,10 +159,8 @@ Index: shadow-4.1.0/man/ja/shadowconfig.8
+
+.I /usr/share/doc/passwd/README.debian.gz
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
Index: shadow-4.1.0/man/pl/shadowconfig.8
===================================================================
--- /dev/null
+++ shadow-4.1.0/man/pl/shadowconfig.8
+++ b/man/pl/shadowconfig.8
@@ -0,0 +1,27 @@
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
+.\" {PTM/WK/1999-09-14}

18
debian/patches/505_useradd_recommend_adduser vendored
View File

@@ -4,11 +4,9 @@ Fixes: #406046
Status wrt upstream: Debian specific patch.
Index: shadow-4.1.0/man/useradd.8.xml
===================================================================
--- shadow-4.1.0.orig/man/useradd.8.xml
+++ shadow-4.1.0/man/useradd.8.xml
@@ -45,6 +45,12 @@
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -78,6 +78,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
@@ -19,13 +17,11 @@ Index: shadow-4.1.0/man/useradd.8.xml
+ </para>
+ <para>
When invoked without the <option>-D</option> option, the
<command>useradd</command> command creates a new user account using
<command>useradd</command> command creates a new user account using
the values specified on the command line plus the default values from
Index: shadow-4.1.0/man/userdel.8.xml
===================================================================
--- shadow-4.1.0.orig/man/userdel.8.xml
+++ shadow-4.1.0/man/userdel.8.xml
@@ -30,6 +30,12 @@
--- a/man/userdel.8.xml
+++ b/man/userdel.8.xml
@@ -59,6 +59,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>

58
debian/patches/506_relaxed_usernames vendored
View File

@@ -17,21 +17,19 @@ Details:
than '-' as the leading character). Thus, the maintenance tools don't
anymore. closes: #79682, #166798, #171179
Index: shadow-4.1.0/libmisc/chkname.c
===================================================================
--- shadow-4.1.0.orig/libmisc/chkname.c
+++ shadow-4.1.0/libmisc/chkname.c
@@ -17,6 +17,7 @@
#endif
static int good_name (const char *name)
--- a/libmisc/chkname.c
+++ b/libmisc/chkname.c
@@ -48,6 +48,7 @@
static bool is_valid_name (const char *name)
{
+#if 0
/*
* User/group names must match [a-z_][a-z0-9_-]*[$]
*/
@@ -30,6 +31,20 @@
(*name == '$' && *(name + 1) == '\0')))
return 0;
@@ -66,6 +67,20 @@
return false;
}
}
+#endif
+ /*
@@ -48,21 +46,19 @@ Index: shadow-4.1.0/libmisc/chkname.c
+ return 0;
+ while (*++name);
return 1;
return true;
}
Index: shadow-4.1.0/man/useradd.8.xml
===================================================================
--- shadow-4.1.0.orig/man/useradd.8.xml
+++ shadow-4.1.0/man/useradd.8.xml
@@ -195,6 +195,7 @@
default is to not create the directory and to not copy any
files.
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -197,6 +197,7 @@
<option>INACTIVE</option> variable in
<filename>/etc/default/useradd</filename>, or -1 by default.
</para>
+ <para>This option may not function correctly if the username has a / in it.</para>
</listitem>
</varlistentry>
<varlistentry>
@@ -372,10 +373,15 @@
@@ -607,12 +608,17 @@
</para>
<para>
@@ -71,19 +67,19 @@ Index: shadow-4.1.0/man/useradd.8.xml
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
</para>
<para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
Usernames may only be up to 32 characters long.
</para>
</refsect1>
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-08-15 09:07:37.033120372 -0300
+++ shadow-4.1.1/man/groupadd.8.xml 2008-08-15 09:10:24.961112507 -0300
@@ -170,10 +170,15 @@
--- a/man/groupadd.8.xml
+++ b/man/groupadd.8.xml
@@ -223,12 +223,17 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
@@ -92,11 +88,13 @@ Index: shadow-4.1.1/man/groupadd.8.xml
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
</para>
<para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
</para>
<para>
Groupnames may only be up to 16 characters long.

6
debian/patches/508_nologin_in_usr_sbin vendored
View File

@@ -1,7 +1,5 @@
Index: shadow-4.1.0/src/Makefile.am
===================================================================
--- shadow-4.1.0.orig/src/Makefile.am
+++ shadow-4.1.0/src/Makefile.am
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -22,7 +22,6 @@
# $prefix/bin and $prefix/sbin, no install-data hacks...)

8
debian/patches/523_su_arguments_are_concatenated vendored
View File

@@ -8,11 +8,9 @@ Status wrt upstream: This is a Debian specific patch.
Note: the fix of the man page is still missing.
(to be taken from the trunk)
Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
+++ shadow-4.1.0/src/su.c
@@ -887,6 +887,35 @@
--- a/src/su.c
+++ b/src/su.c
@@ -953,6 +953,35 @@
argv[0] = "-c";
argv[1] = command;
}

20
debian/patches/523_su_arguments_are_no_more_concatenated_by_default vendored
View File

@@ -8,13 +8,11 @@ Etch.
Status wrt upstream: This patch is Debian specific.
Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
+++ shadow-4.1.0/src/su.c
@@ -76,6 +76,19 @@
--- a/src/su.c
+++ b/src/su.c
@@ -86,6 +86,19 @@
/* If nonzero, change some environment vars to indicate the user su'd to. */
static int change_environment;
static bool change_environment;
+/*
+ * If nonzero, keep the old Debian behavior:
@@ -31,8 +29,8 @@ Index: shadow-4.1.0/src/su.c
+
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
static int caught = 0;
@@ -328,6 +341,8 @@
static bool caught = false;
@@ -344,6 +357,8 @@
#endif
#endif /* !USE_PAM */
@@ -40,9 +38,9 @@ Index: shadow-4.1.0/src/su.c
+
/* sanitize_env (); */
setlocale (LC_ALL, "");
@@ -891,7 +906,7 @@
* resulted string is always given to the shell with its
(void) setlocale (LC_ALL, "");
@@ -957,7 +972,7 @@
* resulting string is always given to the shell with its
* -c option.
*/
- {

20
debian/patches/542_useradd-O_option vendored
View File

@@ -5,11 +5,9 @@ Note: useradd.8 needs to be regenerated.
Status wrt upstream: not included as this is just specific
backward compatibility for Debian
Index: shadow-4.1.0/man/useradd.8.xml
===================================================================
--- shadow-4.1.0.orig/man/useradd.8.xml
+++ shadow-4.1.0/man/useradd.8.xml
@@ -224,6 +224,11 @@
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -300,6 +300,11 @@
<replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
doesn't work yet.
</para>
@@ -21,11 +19,9 @@ Index: shadow-4.1.0/man/useradd.8.xml
</listitem>
</varlistentry>
<varlistentry>
Index: shadow-4.1.0/src/useradd.c
===================================================================
--- shadow-4.1.0.orig/src/useradd.c
+++ shadow-4.1.0/src/useradd.c
@@ -1009,9 +1009,9 @@
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -996,9 +996,9 @@
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
@@ -37,8 +33,8 @@ Index: shadow-4.1.0/src/useradd.c
#endif
long_options, NULL)) != -1) {
switch (c) {
@@ -1125,6 +1125,7 @@
kflg++;
@@ -1120,6 +1120,7 @@
kflg = true;
break;
case 'K':
+ case 'O': /* compatibility with previous Debian useradd */