Compare commits

...

4 Commits

Author SHA1 Message Date
Chris Hofstaedtler 302d4ef809 Update changelog for 1:4.17.3-2 release 2025-03-16 14:52:53 +01:00
Chris Hofstaedtler 73d57c09a1 d/gbp.conf: enable pristine-tar 2025-03-16 14:52:53 +01:00
Chris Hofstaedtler 6360940c7f Refresh patches 2025-03-16 13:48:32 +01:00
Chris Hofstaedtler 0e6f426896 Do not warn about useradd --system with Debian-globally allocated uids 2025-03-16 13:48:32 +01:00
7 changed files with 70 additions and 22 deletions
+8
View File
@@ -1,3 +1,11 @@
shadow (1:4.17.3-2) unstable; urgency=medium
* Do not warn about useradd --system with Debian-globally allocated uids
(Closes: #1100563)
* Refresh patches
-- Chris Hofstaedtler <zeha@debian.org> Sun, 16 Mar 2025 13:39:58 +0100
shadow (1:4.17.3-1) unstable; urgency=medium
* New upstream version 4.17.3
+5
View File
@@ -1,2 +1,7 @@
[DEFAULT]
upstream-branch = upstream
pristine-tar = True
sign-tags = True
[pq]
patch-numbers = False
+13 -16
View File
@@ -7,8 +7,8 @@ Remove settings only applicable without PAM support enabled.
Remove obscure commented-out settings.
Remove explanation about write(1), which Debian does not ship anymore.
---
etc/login.defs | 375 ++++++++-------------------------------------------------
1 file changed, 47 insertions(+), 328 deletions(-)
etc/login.defs | 369 +++++++--------------------------------------------------
1 file changed, 44 insertions(+), 325 deletions(-)
diff --git a/etc/login.defs b/etc/login.defs
index 33622c2..91d3ec4 100644
@@ -21,22 +21,14 @@ index 33622c2..91d3ec4 100644
-# $Id$
-#
-#
-# Delay in seconds before being allowed another attempt after a login failure
-# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
-# pam_unix(8) enforces a 2s delay)
-#
-FAIL_DELAY 3
-
-#
-# Enable logging and display of /var/log/faillog login(1) failure info.
-#
-FAILLOG_ENAB yes
+# REQUIRED for useradd/userdel/usermod
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
+# MAIL_DIR takes precedence.
+#
#
-# Delay in seconds before being allowed another attempt after a login failure
-# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
-# pam_unix(8) enforces a 2s delay)
+# Essentially:
+# - MAIL_DIR defines the location of users mail spool files
+# (for mbox use) by appending the username to MAIL_DIR as defined
@@ -44,13 +36,18 @@ index 33622c2..91d3ec4 100644
+# - MAIL_FILE defines the location of the users mail spool files as the
+# fully-qualified filename obtained by prepending the user home
+# directory before $MAIL_FILE
+#
#
-FAIL_DELAY 3
-
+# NOTE: This is no more used for setting up users MAIL environment variable
+# which is, starting from shadow 4.0.12-1 in Debian, entirely the
+# job of the pam_mail PAM modules
+# See default PAM configuration files provided for
+# login, su, etc.
+#
#
-# Enable logging and display of /var/log/faillog login(1) failure info.
-#
-FAILLOG_ENAB yes
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
@@ -0,0 +1,37 @@
From: Chris Hofstaedtler <zeha@debian.org>
Date: Sun, 16 Mar 2025 13:29:45 +0100
Subject: Exclude Debian-globally allocated UIDs from sys_uid range warning
Bug: http://bugs.debian.org/1100563
---
src/useradd.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 5e4eb2c..dd12cdf 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2430,14 +2430,21 @@ static void create_mail (void)
#endif
}
+/* See Debian Policy 9.2.2 "UID and GID classes"
+ * https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
+ */
+#define DEBIAN_GLOBAL_UID_MIN ((uid_t)60000)
+#define DEBIAN_GLOBAL_UID_MAX ((uid_t)64999)
+
static void check_uid_range(int rflg, uid_t user_id)
{
uid_t uid_min ;
uid_t uid_max ;
if (rflg) {
uid_max = getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
- if (user_id > uid_max) {
- fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
+ if (user_id > uid_max
+ && (!(user_id >= DEBIAN_GLOBAL_UID_MIN && user_id <= DEBIAN_GLOBAL_UID_MAX))) {
+ fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
}
}else{
uid_min = getdef_ulong("UID_MIN", 1000UL);
@@ -57,7 +57,7 @@ index b485a5a..e20be0f 100644
case 'h':
usage (E_SUCCESS);
diff --git a/src/useradd.c b/src/useradd.c
index 5e4eb2c..be9ec2e 100644
index dd12cdf..ba0eb50 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -895,7 +895,7 @@ static void usage (int status)
+1
View File
@@ -1,5 +1,6 @@
debian/Set-group-and-mode-for-g-shadow-files.patch
debian/Keep-using-Debian-adduser-defaults.patch
debian/Exclude-Debian-globally-allocated-UIDs-from-sys_uid-range.patch
debian/Document-the-shadowconfig-utility.patch
debian/Recommend-using-adduser-and-deluser.patch
debian/tests-disable-su.patch
@@ -30,17 +30,17 @@ index 4c96fba..f06cb44 100644
*/
static char *copy_field (char *in, char *out, char *extra)
{
- while (NULL != in) {
- char *f;
+ char *cp = NULL;
- f = strsep(&in, ",");
+ while (NULL != in) {
+
while (NULL != in) {
- char *f;
+ cp = strchr (in, ',');
+ if (NULL != cp) {
+ *cp++ = '\0';
+ }
- f = strsep(&in, ",");
-
- if (strchr(f, '=') == NULL)
+ if (strchr (in, '=') == NULL) {
break;