diff --git a/debian/changelog b/debian/changelog index d9330782..d8a86b18 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,8 +12,9 @@ shadow (1:4.1.4.1-1) unstable; urgency=low + debian/patches/506_relaxed_usernames * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no more used by chpasswd and newusers. + * debian/patches/*: Updated patches to the new quilt and shadow versions. - -- Nicolas FRANCOIS (Nekral) Thu, 21 May 2009 17:18:02 +0200 + -- Nicolas FRANCOIS (Nekral) Thu, 21 May 2009 17:29:42 +0200 shadow (1:4.1.4-3) unstable; urgency=low diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP index 48d253c7..ea46d233 100644 --- a/debian/patches/008_login_log_failure_in_FTMP +++ b/debian/patches/008_login_log_failure_in_FTMP @@ -4,11 +4,9 @@ Notes: * I'm not sure login should add an entry in the FTMP file when PAM is used. (but nothing in /etc/login.defs indicates that the failure is not logged) -Index: shadow-4.1.0/src/login.c -=================================================================== ---- shadow-4.1.0.orig/src/login.c -+++ shadow-4.1.0/src/login.c -@@ -722,6 +722,24 @@ +--- a/src/login.c ++++ b/src/login.c +@@ -832,6 +832,24 @@ (void) puts (""); (void) puts (_("Login incorrect")); @@ -32,12 +30,10 @@ Index: shadow-4.1.0/src/login.c + if (failcount >= retries) { SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%d)%s FOR '%s'", -Index: shadow-4.1.0/lib/getdef.c -=================================================================== ---- shadow-4.1.0.orig/lib/getdef.c -+++ shadow-4.1.0/lib/getdef.c -@@ -58,6 +58,7 @@ + "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -62,6 +62,7 @@ {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, {"FAKE_SHELL", NULL}, @@ -45,7 +41,7 @@ Index: shadow-4.1.0/lib/getdef.c {"GID_MAX", NULL}, {"GID_MIN", NULL}, {"HUSHLOGIN_FILE", NULL}, -@@ -93,7 +94,6 @@ +@@ -103,7 +104,6 @@ {"ENVIRON_FILE", NULL}, {"ENV_TZ", NULL}, {"FAILLOG_ENAB", NULL}, diff --git a/debian/patches/008_su_get_PAM_username b/debian/patches/008_su_get_PAM_username index b88f72c4..ae128fc0 100644 --- a/debian/patches/008_su_get_PAM_username +++ b/debian/patches/008_su_get_PAM_username @@ -18,11 +18,9 @@ PAM_USER description: See also: https://www.redhat.com/archives/pam-list/2008-May/msg00009.html -Index: shadow-4.1.0/src/su.c -=================================================================== ---- shadow-4.1.0.orig/src/su.c -+++ shadow-4.1.0/src/su.c -@@ -309,6 +309,8 @@ +--- a/src/su.c ++++ b/src/su.c +@@ -325,6 +325,8 @@ char **envp = environ; char *shellstr = NULL; char *command = NULL; @@ -31,7 +29,7 @@ Index: shadow-4.1.0/src/su.c #ifdef USE_PAM char **envcp; -@@ -674,6 +676,14 @@ +@@ -728,6 +730,14 @@ su_failure (tty); } } diff --git a/debian/patches/008_su_no_sanitize_env b/debian/patches/008_su_no_sanitize_env index 87733380..625eb478 100644 --- a/debian/patches/008_su_no_sanitize_env +++ b/debian/patches/008_su_no_sanitize_env @@ -1,13 +1,11 @@ -Index: shadow-4.1.0/src/su.c -=================================================================== ---- shadow-4.1.0.orig/src/su.c -+++ shadow-4.1.0/src/su.c -@@ -326,7 +326,7 @@ +--- a/src/su.c ++++ b/src/su.c +@@ -342,7 +342,7 @@ #endif #endif /* !USE_PAM */ - sanitize_env (); + /* sanitize_env (); */ - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); + (void) setlocale (LC_ALL, ""); + (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/401_cppw_src.dpatch index 8522052c..8dab4587 100755 --- a/debian/patches/401_cppw_src.dpatch +++ b/debian/patches/401_cppw_src.dpatch @@ -5,10 +5,8 @@ ## DP: Add cppw / cpgr @DPATCH@ -Index: shadow-4.1.0/src/cppw.c -=================================================================== --- /dev/null -+++ shadow-4.1.0/src/cppw.c ++++ b/src/cppw.c @@ -0,0 +1,199 @@ +/* + cppw, cpgr copy with locking given file over the password or group file @@ -209,10 +207,8 @@ Index: shadow-4.1.0/src/cppw.c + + return 0; +} -Index: shadow-4.1.0/src/Makefile.am -=================================================================== ---- shadow-4.1.0.orig/src/Makefile.am -+++ shadow-4.1.0/src/Makefile.am +--- a/src/Makefile.am ++++ b/src/Makefile.am @@ -25,6 +25,7 @@ sbin_PROGRAMS = nologin ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd @@ -221,19 +217,17 @@ Index: shadow-4.1.0/src/Makefile.am chgpasswd \ chpasswd \ groupadd \ -@@ -59,6 +60,7 @@ +@@ -75,6 +76,7 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) +cppw_LDADD = $(LDADD) $(LIBSELINUX) gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -Index: shadow-4.1.0/po/POTFILES.in -=================================================================== ---- shadow-4.1.0.orig/po/POTFILES.in -+++ shadow-4.1.0/po/POTFILES.in -@@ -61,6 +61,7 @@ +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -79,6 +79,7 @@ src/chgpasswd.c src/chpasswd.c src/chsh.c diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux index bf917503..5beb3a9e 100644 --- a/debian/patches/402_cppw_selinux +++ b/debian/patches/402_cppw_selinux @@ -9,10 +9,8 @@ Status wrt upstream: cppw is not available upstream. Depends on 401_cppw_src.dpatch -Index: shadow-4.1.2/src/cppw.c -=================================================================== ---- shadow-4.1.2.orig/src/cppw.c 2008-09-12 01:22:46.328002759 +0200 -+++ shadow-4.1.2/src/cppw.c 2008-09-12 01:34:43.212006991 +0200 +--- a/src/cppw.c ++++ b/src/cppw.c @@ -34,6 +34,9 @@ #include #include @@ -23,7 +21,7 @@ Index: shadow-4.1.2/src/cppw.c #include "prototypes.h" #include "pwio.h" #include "shadowio.h" -@@ -114,6 +117,22 @@ +@@ -115,6 +118,22 @@ filenewname = filenew; if (access(file, F_OK)) cppwexit(file, 1, 1); @@ -46,7 +44,7 @@ Index: shadow-4.1.2/src/cppw.c if (!file_lock()) cppwexit("Couldn't lock file", errno, 5); filelocked = 1; -@@ -134,6 +153,15 @@ +@@ -135,6 +154,15 @@ cppwexit(0,0,1); } diff --git a/debian/patches/428_grpck_add_prune_option b/debian/patches/428_grpck_add_prune_option index c6ecc3cb..8d5592ba 100644 --- a/debian/patches/428_grpck_add_prune_option +++ b/debian/patches/428_grpck_add_prune_option @@ -5,19 +5,17 @@ Fixes: #103385 Status wrt upstream: It could certainly be submitted to upstream. -Index: shadow-4.1.0/src/grpck.c -=================================================================== ---- shadow-4.1.0.orig/src/grpck.c -+++ shadow-4.1.0/src/grpck.c -@@ -139,6 +139,7 @@ +--- a/src/grpck.c ++++ b/src/grpck.c +@@ -79,6 +79,7 @@ /* Options */ static bool read_only = false; static bool sort_mode = false; +static bool prune = false; /* local function prototypes */ - static void usage (void); -@@ -163,7 +164,7 @@ + static void fail_exit (int status); +@@ -178,7 +179,7 @@ /* * Parse the command line arguments */ @@ -26,7 +24,7 @@ Index: shadow-4.1.0/src/grpck.c switch (arg) { case 'q': /* quiet - ignored for now */ -@@ -174,6 +175,9 @@ +@@ -189,6 +190,9 @@ case 's': sort_mode = true; break; @@ -36,7 +34,7 @@ Index: shadow-4.1.0/src/grpck.c default: usage (); } -@@ -296,9 +300,14 @@ +@@ -474,7 +478,12 @@ /* * prompt the user to delete the entry or not */ @@ -50,5 +48,3 @@ Index: shadow-4.1.0/src/grpck.c continue; } - /* - * All group file deletions wind up here. This code diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB index 43b3749d..a6a1e34c 100644 --- a/debian/patches/429_login_FAILLOG_ENAB +++ b/debian/patches/429_login_FAILLOG_ENAB @@ -7,10 +7,8 @@ Fixes: #192849 Note: It could be removed if pam_tally could report the number of failures preceding a successful login. -Index: shadow-4.1.3.1/src/login.c -=================================================================== ---- shadow-4.1.3.1.orig/src/login.c 2009-05-04 19:38:24.668839562 +0200 -+++ shadow-4.1.3.1/src/login.c 2009-05-04 19:50:43.360832944 +0200 +--- a/src/login.c ++++ b/src/login.c @@ -131,9 +131,9 @@ const char *host, /*@null@*/const struct utmp *utent); @@ -24,13 +22,13 @@ Index: shadow-4.1.3.1/src/login.c #else @@ -792,6 +792,9 @@ SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%d)%s FOR '%s'", + "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", failcount, fromhost, failent_user)); + if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { + failure (pwd->pw_uid, tty, &faillog); + } fprintf(stderr, - _("Maximum number of tries exceeded (%d)\n"), + _("Maximum number of tries exceeded (%u)\n"), failcount); @@ -809,6 +812,14 @@ pam_strerror (pamh, retcode))); @@ -58,7 +56,7 @@ Index: shadow-4.1.3.1/src/login.c if (getdef_str("FTMP_FILE") != NULL) { #ifdef USE_UTMPX struct utmpx *failent = -@@ -1281,6 +1296,7 @@ +@@ -1282,6 +1297,7 @@ */ #ifndef USE_PAM motd (); /* print the message of the day */ @@ -66,7 +64,7 @@ Index: shadow-4.1.3.1/src/login.c if ( getdef_bool ("FAILLOG_ENAB") && (0 != faillog.fail_cnt)) { failprint (&faillog); -@@ -1293,6 +1309,7 @@ +@@ -1294,6 +1310,7 @@ username, (int) faillog.fail_cnt)); } } @@ -74,10 +72,8 @@ Index: shadow-4.1.3.1/src/login.c if ( getdef_bool ("LASTLOG_ENAB") && (ll.ll_time != 0)) { time_t ll_time = ll.ll_time; -Index: shadow-4.1.3.1/lib/getdef.c -=================================================================== ---- shadow-4.1.3.1.orig/lib/getdef.c 2009-05-04 19:38:24.672844662 +0200 -+++ shadow-4.1.3.1/lib/getdef.c 2009-05-04 19:50:14.720839237 +0200 +--- a/lib/getdef.c ++++ b/lib/getdef.c @@ -61,6 +61,7 @@ {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/463_login_delay_obeys_to_PAM index 5ec5df49..4173aee4 100644 --- a/debian/patches/463_login_delay_obeys_to_PAM +++ b/debian/patches/463_login_delay_obeys_to_PAM @@ -7,11 +7,9 @@ Status wrt upstream: Forwarded but not applied yet Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs -Index: shadow-4.1.0/src/login.c -=================================================================== ---- shadow-4.1.0.orig/src/login.c -+++ shadow-4.1.0/src/login.c -@@ -331,7 +331,6 @@ +--- a/src/login.c ++++ b/src/login.c +@@ -525,7 +525,6 @@ #if defined(HAVE_STRFTIME) && !defined(USE_PAM) char ptime[80]; #endif @@ -19,15 +17,15 @@ Index: shadow-4.1.0/src/login.c unsigned int retries; bool failed; bool subroot = false; -@@ -354,6 +353,7 @@ - char *pam_user; - char **ptr_pam_user = &pam_user; +@@ -546,6 +545,7 @@ + pid_t child; + char *pam_user = NULL; #else + unsigned int delay; struct spwd *spwd = NULL; #endif /* -@@ -578,7 +578,6 @@ +@@ -706,7 +706,6 @@ } environ = newenvp; /* make new environment active */ @@ -35,7 +33,7 @@ Index: shadow-4.1.0/src/login.c retries = getdef_unum ("LOGIN_RETRIES", RETRIES); #ifdef USE_PAM -@@ -594,20 +593,15 @@ +@@ -722,8 +721,7 @@ /* * hostname & tty are either set to NULL or their correct values, @@ -45,8 +43,7 @@ Index: shadow-4.1.0/src/login.c * * PAM_RHOST and PAM_TTY are used for authentication, only use * information coming from login or from the caller (e.g. no utmp) - */ - retcode = pam_set_item (pamh, PAM_RHOST, hostname); +@@ -732,10 +730,6 @@ PAM_FAIL_CHECK; retcode = pam_set_item (pamh, PAM_TTY, tty); PAM_FAIL_CHECK; @@ -55,9 +52,9 @@ Index: shadow-4.1.0/src/login.c - PAM_FAIL_CHECK; -#endif /* if fflg, then the user has already been authenticated */ - if (!fflg || (getuid () != 0)) { - int failcount = 0; -@@ -645,12 +639,6 @@ + if (!fflg) { + unsigned int failcount = 0; +@@ -776,12 +770,6 @@ failed = false; failcount++; @@ -70,7 +67,7 @@ Index: shadow-4.1.0/src/login.c retcode = pam_authenticate (pamh, 0); -@@ -956,14 +948,17 @@ +@@ -1100,14 +1088,17 @@ free (username); username = NULL; @@ -83,16 +80,14 @@ Index: shadow-4.1.0/src/login.c + delay = getdef_unum ("FAIL_DELAY", 1); if (delay > 0) { (void) sleep (delay); - } + } +#endif - puts (_("Login incorrect")); + (void) puts (_("Login incorrect")); -Index: shadow-4.1.0/lib/getdef.c -=================================================================== ---- shadow-4.1.0.orig/lib/getdef.c -+++ shadow-4.1.0/lib/getdef.c -@@ -56,7 +56,6 @@ +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -60,7 +60,6 @@ {"ENV_PATH", NULL}, {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, @@ -100,7 +95,7 @@ Index: shadow-4.1.0/lib/getdef.c {"FAILLOG_ENAB", NULL}, {"FAKE_SHELL", NULL}, {"FTMP_FILE", NULL}, -@@ -94,6 +93,7 @@ +@@ -104,6 +103,7 @@ {"ENV_HZ", NULL}, {"ENVIRON_FILE", NULL}, {"ENV_TZ", NULL}, diff --git a/debian/patches/483_su_fakelogin_wrong_arg0 b/debian/patches/483_su_fakelogin_wrong_arg0 index e21edb88..de877b62 100644 --- a/debian/patches/483_su_fakelogin_wrong_arg0 +++ b/debian/patches/483_su_fakelogin_wrong_arg0 @@ -2,11 +2,9 @@ Goal: shell's name must be -su when a su fakes a login Status wrt upstream: not reported yet -Index: shadow-4.1.0/src/su.c -=================================================================== ---- shadow-4.1.0.orig/src/su.c -+++ shadow-4.1.0/src/su.c -@@ -924,7 +924,7 @@ +--- a/src/su.c ++++ b/src/su.c +@@ -1001,7 +1001,7 @@ * Use the shell and create an argv * with the rest of the command line included. */ diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow index 4ad8a34f..4c227dff 100644 --- a/debian/patches/501_commonio_group_shadow +++ b/debian/patches/501_commonio_group_shadow @@ -2,11 +2,9 @@ Goal: save the [g]shadow files with the 'shadow' group and mode 0440 Fixes: #166793 -Index: shadow-4.1.0/lib/commonio.c -=================================================================== ---- shadow-4.1.0.orig/lib/commonio.c -+++ shadow-4.1.0/lib/commonio.c -@@ -13,6 +13,7 @@ +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -44,6 +44,7 @@ #include #include #include @@ -14,7 +12,7 @@ Index: shadow-4.1.0/lib/commonio.c #include "nscd.h" #ifdef WITH_SELINUX #include -@@ -712,13 +713,20 @@ +@@ -868,13 +869,20 @@ goto fail; } } else { diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/503_shadowconfig.8 index 01078d47..9d78adf4 100644 --- a/debian/patches/503_shadowconfig.8 +++ b/debian/patches/503_shadowconfig.8 @@ -3,10 +3,8 @@ Goal: Document the shadowconfig utility Status wrt upstream: The shadowconfig utility is debian specific. Its man page also (but it used to be distributed) -Index: shadow-4.1.0/man/shadowconfig.8 -=================================================================== --- /dev/null -+++ shadow-4.1.0/man/shadowconfig.8 ++++ b/man/shadowconfig.8 @@ -0,0 +1,41 @@ +.\"Generated by db2man.xsl. Don't modify this, modify the source. +.de Sh \" Subsection @@ -49,10 +47,8 @@ Index: shadow-4.1.0/man/shadowconfig.8 +.PP +Note that turning shadow passwords off and on again will lose all password aging information\&. + -Index: shadow-4.1.0/man/shadowconfig.8.xml -=================================================================== --- /dev/null -+++ shadow-4.1.0/man/shadowconfig.8.xml ++++ b/man/shadowconfig.8.xml @@ -0,0 +1,52 @@ + + + + -Index: shadow-4.1.0/man/fr/shadowconfig.8 -=================================================================== --- /dev/null -+++ shadow-4.1.0/man/fr/shadowconfig.8 ++++ b/man/fr/shadowconfig.8 @@ -0,0 +1,26 @@ +.\" This file was generated with po4a. Translate the source file. +.\" @@ -137,10 +131,8 @@ Index: shadow-4.1.0/man/fr/shadowconfig.8 +.SH TRADUCTION +Nicolas FRANÇOIS, 2004. +Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. -Index: shadow-4.1.0/man/ja/shadowconfig.8 -=================================================================== --- /dev/null -+++ shadow-4.1.0/man/ja/shadowconfig.8 ++++ b/man/ja/shadowconfig.8 @@ -0,0 +1,25 @@ +.\" all right reserved, +.\" Translated Tue Oct 30 11:59:11 JST 2001 @@ -167,10 +159,8 @@ Index: shadow-4.1.0/man/ja/shadowconfig.8 + +.I /usr/share/doc/passwd/README.debian.gz +には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 -Index: shadow-4.1.0/man/pl/shadowconfig.8 -=================================================================== --- /dev/null -+++ shadow-4.1.0/man/pl/shadowconfig.8 ++++ b/man/pl/shadowconfig.8 @@ -0,0 +1,27 @@ +.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ +.\" {PTM/WK/1999-09-14} diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/505_useradd_recommend_adduser index b6d5654e..0c3f247b 100644 --- a/debian/patches/505_useradd_recommend_adduser +++ b/debian/patches/505_useradd_recommend_adduser @@ -4,11 +4,9 @@ Fixes: #406046 Status wrt upstream: Debian specific patch. -Index: shadow-4.1.0/man/useradd.8.xml -=================================================================== ---- shadow-4.1.0.orig/man/useradd.8.xml -+++ shadow-4.1.0/man/useradd.8.xml -@@ -45,6 +45,12 @@ +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -78,6 +78,12 @@ DESCRIPTION @@ -19,13 +17,11 @@ Index: shadow-4.1.0/man/useradd.8.xml + + When invoked without the option, the - useradd command creates a new user account using + useradd command creates a new user account using the values specified on the command line plus the default values from -Index: shadow-4.1.0/man/userdel.8.xml -=================================================================== ---- shadow-4.1.0.orig/man/userdel.8.xml -+++ shadow-4.1.0/man/userdel.8.xml -@@ -30,6 +30,12 @@ +--- a/man/userdel.8.xml ++++ b/man/userdel.8.xml +@@ -59,6 +59,12 @@ DESCRIPTION diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames index 0054b7c2..89a6b560 100755 --- a/debian/patches/506_relaxed_usernames +++ b/debian/patches/506_relaxed_usernames @@ -17,21 +17,19 @@ Details: than '-' as the leading character). Thus, the maintenance tools don't anymore. closes: #79682, #166798, #171179 -Index: shadow-4.1.0/libmisc/chkname.c -=================================================================== ---- shadow-4.1.0.orig/libmisc/chkname.c -+++ shadow-4.1.0/libmisc/chkname.c -@@ -17,6 +17,7 @@ - #endif - static int good_name (const char *name) +--- a/libmisc/chkname.c ++++ b/libmisc/chkname.c +@@ -48,6 +48,7 @@ + + static bool is_valid_name (const char *name) { +#if 0 /* * User/group names must match [a-z_][a-z0-9_-]*[$] */ -@@ -30,6 +31,20 @@ - (*name == '$' && *(name + 1) == '\0'))) - return 0; +@@ -66,6 +67,20 @@ + return false; + } } +#endif + /* @@ -48,21 +46,19 @@ Index: shadow-4.1.0/libmisc/chkname.c + return 0; + while (*++name); - return 1; + return true; } -Index: shadow-4.1.0/man/useradd.8.xml -=================================================================== ---- shadow-4.1.0.orig/man/useradd.8.xml -+++ shadow-4.1.0/man/useradd.8.xml -@@ -195,6 +195,7 @@ - default is to not create the directory and to not copy any - files. +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -197,6 +197,7 @@ + variable in + /etc/default/useradd, or -1 by default. + This option may not function correctly if the username has a / in it. -@@ -372,10 +373,15 @@ +@@ -607,12 +608,17 @@ @@ -71,19 +67,19 @@ Index: shadow-4.1.0/man/useradd.8.xml followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]? -+ -+ + + + On Debian, the only constraints are that usernames must neither start + with a dash ('-') nor contain a colon (':') or a whitespace (space:' ', + end of line: '\n', tabulation: '\t', etc.). ++ ++ + Usernames may only be up to 32 characters long. - -Index: shadow-4.1.1/man/groupadd.8.xml -=================================================================== ---- shadow-4.1.1.orig/man/groupadd.8.xml 2008-08-15 09:07:37.033120372 -0300 -+++ shadow-4.1.1/man/groupadd.8.xml 2008-08-15 09:10:24.961112507 -0300 -@@ -170,10 +170,15 @@ +--- a/man/groupadd.8.xml ++++ b/man/groupadd.8.xml +@@ -223,12 +223,17 @@ CAVEATS @@ -92,11 +88,13 @@ Index: shadow-4.1.1/man/groupadd.8.xml followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]? -+ -+ + + + On Debian, the only constraints are that usernames must neither start + with a dash ('-') nor contain a colon (':') or a whitespace (space:' ', + end of line: '\n', tabulation: '\t', etc.). ++ ++ + Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - Groupnames may only be up to 16 characters long. diff --git a/debian/patches/508_nologin_in_usr_sbin b/debian/patches/508_nologin_in_usr_sbin index f93642ea..f1247b9f 100644 --- a/debian/patches/508_nologin_in_usr_sbin +++ b/debian/patches/508_nologin_in_usr_sbin @@ -1,7 +1,5 @@ -Index: shadow-4.1.0/src/Makefile.am -=================================================================== ---- shadow-4.1.0.orig/src/Makefile.am -+++ shadow-4.1.0/src/Makefile.am +--- a/src/Makefile.am ++++ b/src/Makefile.am @@ -22,7 +22,6 @@ # $prefix/bin and $prefix/sbin, no install-data hacks...) diff --git a/debian/patches/523_su_arguments_are_concatenated b/debian/patches/523_su_arguments_are_concatenated index 003f0730..397fe498 100644 --- a/debian/patches/523_su_arguments_are_concatenated +++ b/debian/patches/523_su_arguments_are_concatenated @@ -8,11 +8,9 @@ Status wrt upstream: This is a Debian specific patch. Note: the fix of the man page is still missing. (to be taken from the trunk) -Index: shadow-4.1.0/src/su.c -=================================================================== ---- shadow-4.1.0.orig/src/su.c -+++ shadow-4.1.0/src/su.c -@@ -887,6 +887,35 @@ +--- a/src/su.c ++++ b/src/su.c +@@ -953,6 +953,35 @@ argv[0] = "-c"; argv[1] = command; } diff --git a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default index 40213c6b..42e5fb16 100644 --- a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default +++ b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default @@ -8,13 +8,11 @@ Etch. Status wrt upstream: This patch is Debian specific. -Index: shadow-4.1.0/src/su.c -=================================================================== ---- shadow-4.1.0.orig/src/su.c -+++ shadow-4.1.0/src/su.c -@@ -76,6 +76,19 @@ +--- a/src/su.c ++++ b/src/su.c +@@ -86,6 +86,19 @@ /* If nonzero, change some environment vars to indicate the user su'd to. */ - static int change_environment; + static bool change_environment; +/* + * If nonzero, keep the old Debian behavior: @@ -31,8 +29,8 @@ Index: shadow-4.1.0/src/su.c + #ifdef USE_PAM static pam_handle_t *pamh = NULL; - static int caught = 0; -@@ -328,6 +341,8 @@ + static bool caught = false; +@@ -344,6 +357,8 @@ #endif #endif /* !USE_PAM */ @@ -40,9 +38,9 @@ Index: shadow-4.1.0/src/su.c + /* sanitize_env (); */ - setlocale (LC_ALL, ""); -@@ -891,7 +906,7 @@ - * resulted string is always given to the shell with its + (void) setlocale (LC_ALL, ""); +@@ -957,7 +972,7 @@ + * resulting string is always given to the shell with its * -c option. */ - { diff --git a/debian/patches/542_useradd-O_option b/debian/patches/542_useradd-O_option index 5508dfa1..44b24348 100644 --- a/debian/patches/542_useradd-O_option +++ b/debian/patches/542_useradd-O_option @@ -5,11 +5,9 @@ Note: useradd.8 needs to be regenerated. Status wrt upstream: not included as this is just specific backward compatibility for Debian -Index: shadow-4.1.0/man/useradd.8.xml -=================================================================== ---- shadow-4.1.0.orig/man/useradd.8.xml -+++ shadow-4.1.0/man/useradd.8.xml -@@ -224,6 +224,11 @@ +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -300,6 +300,11 @@ UID_MIN=10,UID_MAX=499 doesn't work yet. @@ -21,11 +19,9 @@ Index: shadow-4.1.0/man/useradd.8.xml -Index: shadow-4.1.0/src/useradd.c -=================================================================== ---- shadow-4.1.0.orig/src/useradd.c -+++ shadow-4.1.0/src/useradd.c -@@ -1009,9 +1009,9 @@ +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -996,9 +996,9 @@ }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX @@ -37,8 +33,8 @@ Index: shadow-4.1.0/src/useradd.c #endif long_options, NULL)) != -1) { switch (c) { -@@ -1125,6 +1125,7 @@ - kflg++; +@@ -1120,6 +1120,7 @@ + kflg = true; break; case 'K': + case 'O': /* compatibility with previous Debian useradd */