Update changelog for 1:4.13+dfsg1-5 release

Signed-off-by: Serge Hallyn <serge@hallyn.com>

debian/NEWS

@@ -1,3 +1,11 @@
+shadow (1:4.13+dfsg1-2) unstable; urgency=medium
+
+  The previous entry falsely states that PREVENT_NO_AUTH in /etc/login.defs
+  affects authentication.  The historical default of letting all users with
+  empty password field in without authentication is still in effect.
+
+ -- Balint Reczey <balint@balintreczey.hu>  Mon, 25 Sep 2023 17:04:09 +0200
+
 shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
 
   Login now prevents an empty password field to be interpreted as

debian/changelog

@@ -1,3 +1,52 @@
+shadow (1:4.13+dfsg1-5) unstable; urgency=medium
+
+  * Add myself to Uploaders, per discussion with Serge Hallyn
+  * Apply wrap-and-sort -kas style
+  * Use debputy to avoid Rules-Requires-Root: binary-targets
+  * libsubid4: tighten package-internal dependencies
+
+  [ Serge Hallyn ]
+  * Drop pam_lastlog.so from config. (Closes: #1068229)
+  * Stop installing lastlog binary.
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Sun, 02 Jun 2024 20:01:51 +0200
+
+shadow (1:4.13+dfsg1-4) unstable; urgency=medium
+
+  [ Helmut Grohne ]
+  * DEP17: Move login and shadowconfig to /usr. (Closes: #1059915)
+
+ -- Serge Hallyn <serge@hallyn.com>  Sun, 04 Feb 2024 20:28:27 +0000
+
+shadow (1:4.13+dfsg1-3) unstable; urgency=medium
+
+  * Team upload
+  * Remove myself from uploaders
+
+ -- Balint Reczey <balint@balintreczey.hu>  Sun, 15 Oct 2023 19:10:52 +0200
+
+shadow (1:4.13+dfsg1-2) unstable; urgency=medium
+
+  [ Balint Reczey ]
+  * debian/gitlab-ci.yml: Use sudo to fix reprotest test
+  * debian/login.pam: Drop reference to Debian Etch (Closes: #1040064)
+  * debian/NEWS: Fix false claim about PREVENT_NO_AUTH affecting authentication.
+    Also drop setting PREVENT_NO_AUTH in shipped login.defs. (Closes: #1041547)
+  * Cherry-pick upstream patch to fix gpasswd passwd leak
+    (CVE-2023-4641) (Closes: #1051062)
+  * Cherry-pick upstream patch to fix chfn vulnerability allowing injection of
+    control characters into some /etc/passwd fields.
+    (CVE-2023-29383) (Closes: #1034482)
+
+  [ Gioele Barabucci ]
+  * Support <nodoc> build profile
+    `xsltproc`, `docbook` and all other XML-related packages are not needed
+    when the `<nodoc>` build profile is active, as long as `./configure` is
+    called with `--disable-man`. (Closes: #1051827)
+
+
+ -- Balint Reczey <balint@balintreczey.hu>  Tue, 26 Sep 2023 22:01:52 +0200
+
 shadow (1:4.13+dfsg1-1) unstable; urgency=medium
 
   [ Balint Reczey ]

debian/control

@@ -1,36 +1,39 @@
 Source: shadow
 Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
-Uploaders: Balint Reczey <balint@balintreczey.hu>,
-           Serge Hallyn <serge@hallyn.com>
+Uploaders:
+ Serge Hallyn <serge@hallyn.com>,
+ Chris Hofstaedtler <zeha@debian.org>
 Section: admin
 Priority: required
-Build-Depends: debhelper-compat (= 13),
-               gettext,
-               libcrypt-dev,
-               libpam0g-dev,
-               quilt,
-               xsltproc,
-               docbook-xsl,
-               docbook-xml,
-               libxml2-utils,
-               libselinux1-dev [linux-any],
-               libsemanage-dev [linux-any],
-               itstool,
-               bison,
-               libaudit-dev [linux-any]
+Build-Depends:
+ bison,
+ debhelper-compat (= 13),
+ dh-sequence-zz-debputy-rrr (>= 0.1.23~),
+ docbook-xml <!nodoc>,
+ docbook-xsl <!nodoc>,
+ gettext,
+ itstool <!nodoc>,
+ libaudit-dev [linux-any],
+ libcrypt-dev,
+ libpam0g-dev,
+ libselinux1-dev [linux-any],
+ libsemanage-dev [linux-any],
+ libxml2-utils <!nodoc>,
+ quilt,
+ xsltproc <!nodoc>
 Standards-Version: 4.6.1
 Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master
 Vcs-Browser: https://salsa.debian.org/debian/shadow
 Homepage: https://github.com/shadow-maint/shadow
-Rules-Requires-Root: binary-targets
+Rules-Requires-Root: no
 
 Package: passwd
 Architecture: any
 Multi-Arch: foreign
-Depends: ${shlibs:Depends},
-         ${misc:Depends},
-         libpam-modules
-Recommends: sensible-utils
+Depends:
+ libpam-modules
+Recommends:
+ sensible-utils
 Description: change and administer password and group data
  This package includes passwd, chsh, chfn, and many other programs to
  maintain password and group data.
@@ -41,13 +44,15 @@ Package: login
 Architecture: any
 Multi-Arch: foreign
 Essential: yes
-Pre-Depends: ${shlibs:Depends},
-             ${misc:Depends},
-             libpam-runtime,
-             libpam-modules
-Breaks: hurd (<< 20140206~) [hurd-any]
-Conflicts: python-4suite (<< 0.99cvs20060405-1)
-Replaces: hurd (<< 20140206~) [hurd-any]
+Pre-Depends:
+ libpam-modules,
+ libpam-runtime
+Breaks:
+ hurd (<< 20140206~) [hurd-any]
+Conflicts:
+ python-4suite (<< 0.99cvs20060405-1)
+Replaces:
+ hurd (<< 20140206~) [hurd-any]
 Description: system login tools
  This package provides some required infrastructure for logins and for
  changing effective user or group IDs, including:
@@ -58,8 +63,6 @@ Package: uidmap
 Architecture: any
 Multi-Arch: foreign
 Priority: optional
-Depends: ${shlibs:Depends},
-         ${misc:Depends}
 Description: programs to help use subuids
  These programs help unprivileged users to create uid and gid mappings in
  user namespaces.
@@ -69,8 +72,6 @@ Section: libs
 Priority: optional
 Architecture: any
 Multi-Arch: same
-Pre-Depends: ${misc:Pre-Depends}
-Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: subordinate id handling library -- shared library
  The library provides an interface for querying, granding and ungranting
  subordinate user and group ids.
@@ -80,7 +81,8 @@ Section: libdevel
 Priority: optional
 Architecture: any
 Multi-Arch: same
-Depends: ${misc:Depends}, libsubid4 (= ${binary:Version})
+Depends:
+ libsubid4 (= ${binary:Version})
 Description: subordinate id handling library -- shared library
  The library provides an interface for querying, granding and ungranting
  subordinate user and group ids.

debian/debputy.manifest

@@ -0,0 +1,37 @@
+manifest-version: '0.1'
+packages:
+  passwd:
+    transformations:
+    - path-metadata:
+        path: usr/bin/chfn
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/chsh
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/gpasswd
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/passwd
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/chage
+        group: "shadow"
+        mode: "u=rwx,go=rxs"
+    - path-metadata:
+        path: usr/bin/expiry
+        group: "shadow"
+        mode: "u=rwx,go=rxs"
+  login:
+    transformations:
+    - path-metadata:
+        path: usr/bin/newgrp
+        mode: "u=rwxs,go=rx"
+  uidmap:
+    transformations:
+    - path-metadata:
+        path: usr/bin/newgidmap
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/newuidmap
+        mode: "u=rwxs,go=rx"

debian/gitlab-ci.yml

@@ -1,5 +1,7 @@
 variables:
- RELEASE: 'unstable'
+  RELEASE: 'unstable'
+  # workaround for https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/259
+  SALSA_CI_REPROTEST_ARGS: --vary=domain_host.use_sudo=1
 include:
  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml

debian/login.defs

@@ -337,14 +337,6 @@ NONEXISTENT	/nonexistent
 #
 #GRANT_AUX_GROUP_SUBIDS yes
 
-#
-# Prevents an empty password field to be interpreted as "no authentication
-# required".
-# Set to "yes" to prevent for all accounts
-# Set to "superuser" to prevent for UID 0 / root (default)
-# Set to "no" to not prevent for any account (dangerous, historical default)
-PREVENT_NO_AUTH superuser
-
 #
 # Select the HMAC cryptography algorithm.
 # Used in pam_timestamp module to calculate the keyed-hash message

debian/login.install

@@ -1,7 +1,6 @@
+bin/login usr/bin
 debian/login.defs etc
-usr/share/locale/*/LC_MESSAGES/shadow.mo
 sbin/nologin usr/sbin
 usr/bin/faillog
-usr/bin/lastlog
 usr/bin/newgrp
-bin/login
+usr/share/locale/*/LC_MESSAGES/shadow.mo

debian/login.manpages

@@ -4,7 +4,6 @@ usr/share/man/*/man1/sg.1
 usr/share/man/*/man5/faillog.5
 usr/share/man/*/man5/login.defs.5
 usr/share/man/*/man8/faillog.8
-usr/share/man/*/man8/lastlog.8
 usr/share/man/*/man8/nologin.8
 usr/share/man/man1/login.1
 usr/share/man/man1/newgrp.1
@@ -12,5 +11,4 @@ usr/share/man/man1/sg.1
 usr/share/man/man5/faillog.5
 usr/share/man/man5/login.defs.5
 usr/share/man/man8/faillog.8
-usr/share/man/man8/lastlog.8
 usr/share/man/man8/nologin.8

debian/login.pam

@@ -49,7 +49,7 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux
 # 
 # parsing /etc/environment needs "readenv=1"
 session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
+# locale variables can also be set in /etc/default/locale
 # reading this file *in addition to /etc/environment* does not hurt
 session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 
@@ -77,10 +77,6 @@ auth       optional   pam_group.so
 # (Replaces the use of /etc/limits in old login)
 session    required   pam_limits.so
 
-# Prints the last login info upon successful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
 # Prints the status of the user's mailbox upon successful login
 # (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
 #

debian/not-installed

@@ -15,6 +15,7 @@ etc/pam.d/passwd
 etc/pam.d/useradd
 etc/pam.d/userdel
 etc/pam.d/usermod
+usr/bin/lastlog
 usr/bin/sg
 usr/lib/*/libsubid.la
 usr/sbin/logoutd
@@ -25,6 +26,7 @@ usr/share/man/*/man1/su.1
 usr/share/man/*/man3/getspnam.3
 usr/share/man/*/man3/shadow.3
 usr/share/man/*/man5/suauth.5
+usr/share/man/*/man8/lastlog.8
 usr/share/man/*/man8/logoutd.8
 usr/share/man/man1/groups.1
 usr/share/man/man1/logoutd.1
@@ -32,5 +34,6 @@ usr/share/man/man1/su.1
 usr/share/man/man3/getspnam.3
 usr/share/man/man3/shadow.3
 usr/share/man/man5/suauth.5
+usr/share/man/man8/lastlog.8
 usr/share/man/man8/logoutd.8
 

debian/passwd.dirs

@@ -1,2 +1,2 @@
-usr/share/lintian/overrides
 etc/default
+usr/share/lintian/overrides

debian/passwd.install

@@ -1,18 +1,18 @@
 debian/default/useradd etc/default
-debian/shadowconfig sbin
+debian/shadowconfig usr/sbin
 usr/bin/chage
 usr/bin/chfn
 usr/bin/chsh
 usr/bin/expiry
 usr/bin/gpasswd
 usr/bin/passwd
-usr/sbin/chpasswd
 usr/sbin/chgpasswd
+usr/sbin/chpasswd
 usr/sbin/cppw
 usr/sbin/groupadd
 usr/sbin/groupdel
-usr/sbin/groupmod
 usr/sbin/groupmems
+usr/sbin/groupmod
 usr/sbin/grpck
 usr/sbin/grpconv
 usr/sbin/grpunconv

debian/passwd.links

@@ -1,2 +1,2 @@
-usr/sbin/vipw usr/sbin/vigr
 usr/sbin/cppw usr/sbin/cpgr
+usr/sbin/vipw usr/sbin/vigr

debian/passwd.manpages

@@ -6,17 +6,17 @@ usr/share/man/*/man1/chsh.1
 usr/share/man/*/man1/expiry.1
 usr/share/man/*/man1/gpasswd.1
 usr/share/man/*/man1/passwd.1
+usr/share/man/*/man5/gshadow.5
 usr/share/man/*/man5/passwd.5
+usr/share/man/*/man5/shadow.5
 usr/share/man/*/man5/subgid.5
 usr/share/man/*/man5/subuid.5
-usr/share/man/*/man5/shadow.5
-usr/share/man/*/man5/gshadow.5
-usr/share/man/*/man8/chpasswd.8
 usr/share/man/*/man8/chgpasswd.8
+usr/share/man/*/man8/chpasswd.8
 usr/share/man/*/man8/groupadd.8
 usr/share/man/*/man8/groupdel.8
-usr/share/man/*/man8/groupmod.8
 usr/share/man/*/man8/groupmems.8
+usr/share/man/*/man8/groupmod.8
 usr/share/man/*/man8/grpck.8
 usr/share/man/*/man8/grpconv.8
 usr/share/man/*/man8/grpunconv.8
@@ -35,11 +35,11 @@ usr/share/man/man1/chsh.1
 usr/share/man/man1/expiry.1
 usr/share/man/man1/gpasswd.1
 usr/share/man/man1/passwd.1
+usr/share/man/man5/gshadow.5
 usr/share/man/man5/passwd.5
 usr/share/man/man5/shadow.5
-usr/share/man/man5/gshadow.5
-usr/share/man/man5/subuid.5
 usr/share/man/man5/subgid.5
+usr/share/man/man5/subuid.5
 usr/share/man/man8/chgpasswd.8
 usr/share/man/man8/chpasswd.8
 usr/share/man/man8/groupadd.8

debian/patches/0001-gpasswd-1-Fix-password-leak.patch

@@ -0,0 +1,137 @@
+From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Sat, 10 Jun 2023 16:20:05 +0200
+Subject: [PATCH] gpasswd(1): Fix password leak
+
+How to trigger this password leak?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When gpasswd(1) asks for the new password, it asks twice (as is usual
+for confirming the new password).  Each of those 2 password prompts
+uses agetpass() to get the password.  If the second agetpass() fails,
+the first password, which has been copied into the 'static' buffer
+'pass' via STRFCPY(), wasn't being zeroed.
+
+agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
+can fail for any of the following reasons:
+
+-  malloc(3) or readpassphrase(3) failure.
+
+   These are going to be difficult to trigger.  Maybe getting the system
+   to the limits of memory utilization at that exact point, so that the
+   next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
+   About readpassphrase(3), ENFILE and EINTR seem the only plausible
+   ones, and EINTR probably requires privilege or being the same user;
+   but I wouldn't discard ENFILE so easily, if a process starts opening
+   files.
+
+-  The password is longer than PASS_MAX.
+
+   The is plausible with physical access.  However, at that point, a
+   keylogger will be a much simpler attack.
+
+And, the attacker must be able to know when the second password is being
+introduced, which is not going to be easy.
+
+How to read the password after the leak?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Provoking the leak yourself at the right point by entering a very long
+password is easy, and inspecting the process stack at that point should
+be doable.  Try to find some consistent patterns.
+
+Then, search for those patterns in free memory, right after the victim
+leaks their password.
+
+Once you get the leak, a program should read all the free memory
+searching for patterns that gpasswd(1) leaves nearby the leaked
+password.
+
+On 6/10/23 03:14, Seth Arnold wrote:
+> An attacker process wouldn't be able to use malloc(3) for this task.
+> There's a handful of tools available for userspace to allocate memory:
+>
+> -  brk / sbrk
+> -  mmap MAP_ANONYMOUS
+> -  mmap /dev/zero
+> -  mmap some other file
+> -  shm_open
+> -  shmget
+>
+> Most of these return only pages of zeros to a process.  Using mmap of an
+> existing file, you can get some of the contents of the file demand-loaded
+> into the memory space on the first use.
+>
+> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
+> CONFIG_MMAP_ALLOW_UNINITIALIZED.  This is rare.
+>
+> malloc(3) doesn't zero memory, to our collective frustration, but all the
+> garbage in the allocations is from previous allocations in the current
+> process.  It isn't leftover from other processes.
+>
+> The avenues available for reading the memory:
+> -  /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
+> -  /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
+> -  ptrace (requires ptrace privileges, mediated by YAMA)
+> -  causing memory to be swapped to disk, and then inspecting the swap
+>
+> These all require a certain amount of privileges.
+
+How to fix it?
+~~~~~~~~~~~~~~
+
+memzero(), which internally calls explicit_bzero(3), or whatever
+alternative the system provides with a slightly different name, will
+make sure that the buffer is zeroed in memory, and optimizations are not
+allowed to impede this zeroing.
+
+This is not really 100% effective, since compilers may place copies of
+the string somewhere hidden in the stack.  Those copies won't get zeroed
+by explicit_bzero(3).  However, that's arguably a compiler bug, since
+compilers should make everything possible to avoid optimizing strings
+that are later passed to explicit_bzero(3).  But we all know that
+sometimes it's impossible to have perfect knowledge in the compiler, so
+this is plausible.  Nevertheless, there's nothing we can do against such
+issues, except minimizing the time such passwords are stored in plain
+text.
+
+Security concerns
+~~~~~~~~~~~~~~~~~
+
+We believe this isn't easy to exploit.  Nevertheless, and since the fix
+is trivial, this fix should probably be applied soon, and backported to
+all supported distributions, to prevent someone else having more
+imagination than us to find a way.
+
+Affected versions
+~~~~~~~~~~~~~~~~~
+
+All.  Bug introduced in shadow 19990709.  That's the second commit in
+the git history.
+
+Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
+Reported-by: Alejandro Colomar <alx@kernel.org>
+Cc: Serge Hallyn <serge@hallyn.com>
+Cc: Iker Pedrosa <ipedrosa@redhat.com>
+Cc: Seth Arnold <seth.arnold@canonical.com>
+Cc: Christian Brauner <christian@brauner.io>
+Cc: Balint Reczey <rbalint@debian.org>
+Cc: Sam James <sam@gentoo.org>
+Cc: David Runge <dvzrv@archlinux.org>
+Cc: Andreas Jaeger <aj@suse.de>
+Cc: <~hallyn/shadow@lists.sr.ht>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+---
+ src/gpasswd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -896,6 +896,7 @@
+ 		strzero (cp);
+ 		cp = getpass (_("Re-enter new password: "));
+ 		if (NULL == cp) {
++			memzero (pass, sizeof pass);
+ 			exit (1);
+ 		}
+ 

debian/patches/0002-Added-control-character-check.patch

@@ -0,0 +1,45 @@
+From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
+From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
+Date: Thu, 23 Mar 2023 23:39:38 +0000
+Subject: [PATCH] Added control character check
+
+Added control character check, returning -1 (to "err") if control characters are present.
+---
+ lib/fields.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index 640be931..fb51b582 100644
+--- a/lib/fields.c
++++ b/lib/fields.c
+@@ -21,9 +21,9 @@
+  *
+  * The supplied field is scanned for non-printable and other illegal
+  * characters.
+- *  + -1 is returned if an illegal character is present.
+- *  +  1 is returned if no illegal characters are present, but the field
+- *       contains a non-printable character.
++ *  + -1 is returned if an illegal or control character is present.
++ *  +  1 is returned if no illegal or control characters are present,
++ *       but the field contains a non-printable character.
+  *  +  0 is returned otherwise.
+  */
+ int valid_field (const char *field, const char *illegal)
+@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
+ 	}
+ 
+ 	if (0 == err) {
+-		/* Search if there are some non-printable characters */
++		/* Search if there are non-printable or control characters */
+ 		for (cp = field; '\0' != *cp; cp++) {
+ 			if (!isprint (*cp)) {
+ 				err = 1;
++			}
++			if (!iscntrl (*cp)) {
++				err = -1;
+ 				break;
+ 			}
+ 		}
+-- 
+2.34.1
+

debian/patches/0003-Overhaul-valid_field.patch

@@ -0,0 +1,61 @@
+From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 31 Mar 2023 14:46:50 +0200
+Subject: [PATCH] Overhaul valid_field()
+
+e5905c4b ("Added control character check") introduced checking for
+control characters but had the logic inverted, so it rejects all
+characters that are not control ones.
+
+Cast the character to `unsigned char` before passing to the character
+checking functions to avoid UB.
+
+Use strpbrk(3) for the illegal character test and return early.
+---
+ lib/fields.c | 24 ++++++++++--------------
+ 1 file changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index fb51b582..53929248 100644
+--- a/lib/fields.c
++++ b/lib/fields.c
+@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
+ 
+ 	/* For each character of field, search if it appears in the list
+ 	 * of illegal characters. */
++	if (illegal && NULL != strpbrk (field, illegal)) {
++		return -1;
++	}
++
++	/* Search if there are non-printable or control characters */
+ 	for (cp = field; '\0' != *cp; cp++) {
+-		if (strchr (illegal, *cp) != NULL) {
++		unsigned char c = *cp;
++		if (!isprint (c)) {
++			err = 1;
++		}
++		if (iscntrl (c)) {
+ 			err = -1;
+ 			break;
+ 		}
+ 	}
+ 
+-	if (0 == err) {
+-		/* Search if there are non-printable or control characters */
+-		for (cp = field; '\0' != *cp; cp++) {
+-			if (!isprint (*cp)) {
+-				err = 1;
+-			}
+-			if (!iscntrl (*cp)) {
+-				err = -1;
+-				break;
+-			}
+-		}
+-	}
+-
+ 	return err;
+ }
+ 
+-- 
+2.34.1
+

debian/patches/series

@@ -1,3 +1,10 @@
+# CVE-2023-4641
+0001-gpasswd-1-Fix-password-leak.patch
+
+# CVE-2023-29383
+0002-Added-control-character-check.patch
+0003-Overhaul-valid_field.patch
+
 # These patches are only for the testsuite:
 #900_testsuite_groupmems
 #901_testsuite_gcov

debian/rules

@@ -21,6 +21,10 @@ DEB_CONFIGURE_EXTRA_FLAGS := --without-libcrack \
 	--without-tcb \
 	 SHELL=/bin/sh
 
+ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
+DEB_CONFIGURE_EXTRA_FLAGS += --disable-man
+endif
+
 # Set the default editor for vipw/vigr
 CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
 
@@ -38,7 +42,7 @@ endif
 	dh_install -a
 ifeq ($(DEB_HOST_ARCH_OS),hurd)
 	# /bin/login is provided by the hurd package.
-	rm -f debian/login/bin/login
+	rm -f debian/login/usr/bin/login
 endif
 
 override_dh_installpam:
@@ -51,25 +55,6 @@ override_dh_installpam:
 	dh_installpam -p passwd --name=chpasswd
 	dh_installpam -p passwd --name=newusers
 
-override_dh_builddeb-arch:
-	# uidmap
-	chmod u+s debian/uidmap/usr/bin/newuidmap
-	chmod u+s debian/uidmap/usr/bin/newgidmap
-	# login
-	# No real need for login to be setuid root
-	# chmod u+s debian/login/bin/login
-	chmod u+s debian/login/usr/bin/newgrp
-	# passwd
-	chmod u+s debian/passwd/usr/bin/chfn
-	chmod u+s debian/passwd/usr/bin/chsh
-	chmod u+s debian/passwd/usr/bin/gpasswd
-	chmod u+s debian/passwd/usr/bin/passwd
-	chgrp shadow debian/passwd/usr/bin/chage
-	chgrp shadow debian/passwd/usr/bin/expiry
-	chmod g+s debian/passwd/usr/bin/chage
-	chmod g+s debian/passwd/usr/bin/expiry
-	dh_builddeb -a
-
 override_dh_auto_clean:
 	sed -i 's/# Linux only # //' debian/login.pam
 	dh_auto_clean

debian/shlibs.local

@@ -0,0 +1 @@
+deb: libsubid 4 libsubid4 (= ${binary:Version})

debian/uidmap.install

@@ -1,3 +1,3 @@
 bin/getsubids usr/bin
-usr/bin/newuidmap
 usr/bin/newgidmap
+usr/bin/newuidmap