Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 92410b1c76 | |||
| c91a226797 | |||
| b0619a14cd | |||
| 6605806a6d | |||
| e649b28033 | |||
| 4f3dfcdadd | |||
| ccaa7ea01e | |||
| 1eaf9012b1 | |||
| a5e0d00442 | |||
| ade65b0204 | |||
| a23a040247 |
Vendored
+9
@@ -1,3 +1,12 @@
|
||||
shadow (1:4.16.0-5) unstable; urgency=medium
|
||||
|
||||
/var/log/faillog and the programs to read it are no longer part since
|
||||
1:4.15.2-2.
|
||||
The file isn't cleaned up automatically, which should be done manually,
|
||||
unless it is still needed for special reasons.
|
||||
|
||||
-- Chris Hofstaedtler <zeha@debian.org> Sat, 16 Nov 2024 15:48:35 +0100
|
||||
|
||||
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
|
||||
|
||||
The previous entry falsely states that PREVENT_NO_AUTH in /etc/login.defs
|
||||
|
||||
Vendored
+26
@@ -1,3 +1,29 @@
|
||||
shadow (1:4.16.0-7) unstable; urgency=medium
|
||||
|
||||
[ Florent 'Skia' Jacquet ]
|
||||
* d/patches: fix 'upstream' test suite
|
||||
|
||||
-- Chris Hofstaedtler <zeha@debian.org> Fri, 06 Dec 2024 13:51:40 +0100
|
||||
|
||||
shadow (1:4.16.0-6) unstable; urgency=medium
|
||||
|
||||
* Add NEWS entry about faillog (Closes: #1074320)
|
||||
|
||||
-- Chris Hofstaedtler <zeha@debian.org> Fri, 06 Dec 2024 13:29:54 +0100
|
||||
|
||||
shadow (1:4.16.0-5) unstable; urgency=medium
|
||||
|
||||
[ Chris Hofstaedtler ]
|
||||
* Always build with btrfs support on linux-any (Closes: #856557)
|
||||
* debputy.manifest: merge path-metadata entries
|
||||
* login.defs: remove info about write(1)
|
||||
Which is not part of Debian trixie. (Closes: #1087519)
|
||||
|
||||
[ Pino Toscano ]
|
||||
* Include <utmpx.h>, fixing the build on GNU/Hurd
|
||||
|
||||
-- Chris Hofstaedtler <zeha@debian.org> Fri, 15 Nov 2024 20:30:32 +0100
|
||||
|
||||
shadow (1:4.16.0-4) unstable; urgency=medium
|
||||
|
||||
* Drop Debian-only cppw, cpgr tools (Closes: #750752)
|
||||
|
||||
Vendored
+11
-19
@@ -3,30 +3,22 @@ packages:
|
||||
passwd:
|
||||
transformations:
|
||||
- path-metadata:
|
||||
path: usr/bin/chfn
|
||||
paths:
|
||||
- usr/bin/chfn
|
||||
- usr/bin/chsh
|
||||
- usr/bin/gpasswd
|
||||
- usr/bin/passwd
|
||||
mode: "u=rwxs,go=rx"
|
||||
- path-metadata:
|
||||
path: usr/bin/chsh
|
||||
mode: "u=rwxs,go=rx"
|
||||
- path-metadata:
|
||||
path: usr/bin/gpasswd
|
||||
mode: "u=rwxs,go=rx"
|
||||
- path-metadata:
|
||||
path: usr/bin/passwd
|
||||
mode: "u=rwxs,go=rx"
|
||||
- path-metadata:
|
||||
path: usr/bin/chage
|
||||
group: "shadow"
|
||||
mode: "u=rwx,go=rxs"
|
||||
- path-metadata:
|
||||
path: usr/bin/expiry
|
||||
paths:
|
||||
- usr/bin/chage
|
||||
- usr/bin/expiry
|
||||
group: "shadow"
|
||||
mode: "u=rwx,go=rxs"
|
||||
uidmap:
|
||||
transformations:
|
||||
- path-metadata:
|
||||
path: usr/bin/newgidmap
|
||||
mode: "u=rwxs,go=rx"
|
||||
- path-metadata:
|
||||
path: usr/bin/newuidmap
|
||||
paths:
|
||||
- usr/bin/newgidmap
|
||||
- usr/bin/newuidmap
|
||||
mode: "u=rwxs,go=rx"
|
||||
|
||||
+27
-24
@@ -5,12 +5,13 @@ Subject: Adapt login.defs for Debian
|
||||
Remove settings only applicable to shadow's su, which we do not use.
|
||||
Remove settings only applicable without PAM support enabled.
|
||||
Remove obscure commented-out settings.
|
||||
Remove explanation about write(1), which Debian does not ship anymore.
|
||||
---
|
||||
etc/login.defs | 372 ++++++++-------------------------------------------------
|
||||
1 file changed, 51 insertions(+), 321 deletions(-)
|
||||
etc/login.defs | 375 ++++++++-------------------------------------------------
|
||||
1 file changed, 47 insertions(+), 328 deletions(-)
|
||||
|
||||
diff --git a/etc/login.defs b/etc/login.defs
|
||||
index 33622c2..f44f381 100644
|
||||
index 33622c2..91d3ec4 100644
|
||||
--- a/etc/login.defs
|
||||
+++ b/etc/login.defs
|
||||
@@ -1,24 +1,38 @@
|
||||
@@ -176,7 +177,7 @@ index 33622c2..f44f381 100644
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
@@ -139,27 +55,12 @@ MAIL_DIR /var/spool/mail
|
||||
@@ -139,40 +55,21 @@ MAIL_DIR /var/spool/mail
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
@@ -205,22 +206,24 @@ index 33622c2..f44f381 100644
|
||||
+ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -172,6 +73,13 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
||||
# set TTYPERM to either 622 or 600.
|
||||
-# Terminal permissions
|
||||
+# Terminal permissions for terminals after login(1).
|
||||
+# These settings are ignored for remote and other logins.
|
||||
#
|
||||
+# In Debian, write(1) similar programs are setgid tty.
|
||||
+# However, the default and recommended value for TTYPERM is still 0600
|
||||
+# to not allow anyone to write to anyone else console or terminal.
|
||||
+#
|
||||
+# Users can still allow other people to write them by issuing
|
||||
+# the "mesg y" command.
|
||||
+#
|
||||
TTYGROUP tty
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
-# If you have a write(1) program which is "setgid" to a special group
|
||||
-# which owns the terminals, define TTYGROUP as the number of such group
|
||||
-# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
||||
-# set TTYPERM to either 622 or 600.
|
||||
-#
|
||||
-TTYGROUP tty
|
||||
+#TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
@@ -180,61 +88,35 @@ TTYPERM 0600
|
||||
#
|
||||
@@ -180,61 +77,35 @@ TTYPERM 0600
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
@@ -285,7 +288,7 @@ index 33622c2..f44f381 100644
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
@@ -246,8 +128,8 @@ SUB_UID_COUNT 65536
|
||||
@@ -246,8 +117,8 @@ SUB_UID_COUNT 65536
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
@@ -296,7 +299,7 @@ index 33622c2..f44f381 100644
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
@@ -255,6 +137,9 @@ SUB_GID_COUNT 65536
|
||||
@@ -255,6 +126,9 @@ SUB_GID_COUNT 65536
|
||||
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
@@ -306,7 +309,7 @@ index 33622c2..f44f381 100644
|
||||
#
|
||||
LOGIN_RETRIES 5
|
||||
|
||||
@@ -263,28 +148,6 @@ LOGIN_RETRIES 5
|
||||
@@ -263,28 +137,6 @@ LOGIN_RETRIES 5
|
||||
#
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
@@ -335,7 +338,7 @@ index 33622c2..f44f381 100644
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
@@ -294,29 +157,6 @@ CHFN_AUTH yes
|
||||
@@ -294,29 +146,6 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@@ -365,7 +368,7 @@ index 33622c2..f44f381 100644
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
@@ -326,66 +166,10 @@ CHFN_RESTRICT rwh
|
||||
@@ -326,66 +155,10 @@ CHFN_RESTRICT rwh
|
||||
# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
|
||||
# Overrides the MD5_CRYPT_ENAB option
|
||||
#
|
||||
@@ -434,7 +437,7 @@ index 33622c2..f44f381 100644
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
@@ -401,12 +185,6 @@ DEFAULT_HOME yes
|
||||
@@ -401,12 +174,6 @@ DEFAULT_HOME yes
|
||||
#
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
@@ -447,7 +450,7 @@ index 33622c2..f44f381 100644
|
||||
#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
@@ -415,59 +193,11 @@ ENVIRON_FILE /etc/environment
|
||||
@@ -415,59 +182,11 @@ ENVIRON_FILE /etc/environment
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
|
||||
@@ -19,4 +19,4 @@ index 79c2fc9..bf2699f 100644
|
||||
+basedir := $(BUILD_BASE_DIR)
|
||||
|
||||
test_nss: test_nss.c $(basedir)/lib/nss.c
|
||||
gcc -c -I$(basedir)/lib/ -I$(basedir)-o test_nss.o test_nss.c
|
||||
gcc -c -I$(basedir)/lib/ -I$(basedir) -o test_nss.o test_nss.c
|
||||
|
||||
Vendored
+1
@@ -9,3 +9,4 @@ debian/tests-libsubid-04_nss-fix-setting-basedir.patch
|
||||
debian/Adapt-login.defs-for-Debian.patch
|
||||
debian/Define-LOGIN_NAME_MAX-on-HURD.patch
|
||||
debian/Stop-building-programs-we-do-not-install.patch
|
||||
upstream/lib-user_busy.c-Include-utmpx.h.patch
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
From: Pino Toscano <toscano.pino@tiscali.it>
|
||||
Date: Tue, 10 Sep 2024 14:36:49 +0200
|
||||
Subject: [PATCH] lib/user_busy.c: Include <utmpx.h>
|
||||
|
||||
Since:
|
||||
- utmpx APIs are used in non-Linux code blocks
|
||||
- <utmpx.h> is already unconditionally included in Linux parts in other
|
||||
files
|
||||
then unconditionally include it in this file as well.
|
||||
|
||||
Signed-off-by: Pino Toscano <toscano.pino@tiscali.it>
|
||||
---
|
||||
lib/user_busy.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/user_busy.c b/lib/user_busy.c
|
||||
index a622376..b559405 100644
|
||||
--- a/lib/user_busy.c
|
||||
+++ b/lib/user_busy.c
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <dirent.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
+#include <utmpx.h>
|
||||
#include "defines.h"
|
||||
#include "prototypes.h"
|
||||
#ifdef ENABLE_SUBIDS
|
||||
@@ -80,7 +80,7 @@ index dd5acf7..79c2fc9 100644
|
||||
+basedir := $(BASE_TEST_DIR)
|
||||
+
|
||||
+test_nss: test_nss.c $(basedir)/lib/nss.c
|
||||
+ gcc -c -I$(basedir)/lib/ -I$(basedir)-o test_nss.o test_nss.c
|
||||
+ gcc -c -I$(basedir)/lib/ -I$(basedir) -o test_nss.o test_nss.c
|
||||
+ gcc -o test_nss test_nss.o $(basedir)/lib/.libs/libshadow.a -ldl
|
||||
|
||||
libsubid_zzz.so: libsubid_zzz.c
|
||||
|
||||
Vendored
+1
@@ -27,6 +27,7 @@ DEB_CONFIGURE_EXTRA_FLAGS := \
|
||||
|
||||
ifeq ($(DEB_HOST_ARCH_OS),linux)
|
||||
DEB_CONFIGURE_EXTRA_FLAGS += --with-audit
|
||||
DEB_CONFIGURE_EXTRA_FLAGS += --with-btrfs
|
||||
endif
|
||||
|
||||
ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
|
||||
|
||||
Vendored
+40
@@ -0,0 +1,40 @@
|
||||
---
|
||||
include: https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
|
||||
|
||||
extract-source:
|
||||
extends: .provisioning-extract-source
|
||||
|
||||
variables:
|
||||
RELEASE: 'unstable'
|
||||
|
||||
build:
|
||||
extends: .build-package
|
||||
|
||||
test-build-any:
|
||||
extends: .test-build-package-any
|
||||
|
||||
test-build-all:
|
||||
extends: .test-build-package-all
|
||||
|
||||
lintian:
|
||||
extends: .test-lintian
|
||||
|
||||
autopkgtest:
|
||||
extends: .test-autopkgtest
|
||||
|
||||
blhc:
|
||||
extends: .test-blhc
|
||||
|
||||
reprotest:
|
||||
extends: .test-reprotest
|
||||
|
||||
variables:
|
||||
SALSA_CI_ENABLE_BUILD_PACKAGE_PROFILES: 1
|
||||
|
||||
test-build-profiles:
|
||||
extends: .test-build-package-profiles
|
||||
parallel:
|
||||
matrix:
|
||||
- BUILD_PROFILES: nocheck
|
||||
- BUILD_PROFILES: nodoc
|
||||
|
||||
Reference in New Issue
Block a user