Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9698b06fef | |||
| 406dd68863 | |||
| 2ff04fd9b5 | |||
| 97a3bc0c43 | |||
| 485b374d09 | |||
| 25f0b936c0 | |||
| 776d4d23ac | |||
| 9f285306f3 | |||
| f569ea06ff | |||
| 50defcfa5d | |||
| 56c7502686 | |||
| 7c66acdd2e | |||
| 4806645316 | |||
| 05a41bc4d5 | |||
| 75eb241552 | |||
| d7ce68863e | |||
| 095f9d48ef |
Vendored
+8
@@ -1,3 +1,11 @@
|
|||||||
|
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
|
||||||
|
|
||||||
|
The previous entry falsely states that PREVENT_NO_AUTH in /etc/login.defs
|
||||||
|
affects authentication. The historical default of letting all users with
|
||||||
|
empty password field in without authentication is still in effect.
|
||||||
|
|
||||||
|
-- Balint Reczey <balint@balintreczey.hu> Mon, 25 Sep 2023 17:04:09 +0200
|
||||||
|
|
||||||
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
|
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
|
||||||
|
|
||||||
Login now prevents an empty password field to be interpreted as
|
Login now prevents an empty password field to be interpreted as
|
||||||
|
|||||||
Vendored
+42
@@ -1,3 +1,45 @@
|
|||||||
|
shadow (1:4.13+dfsg1-4.1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Enhance the manpage for vipw (closes #1064940).
|
||||||
|
|
||||||
|
-- Toni Mueller <toni@debian.org> Thu, 29 Feb 2024 16:37:32 +0000
|
||||||
|
|
||||||
|
shadow (1:4.13+dfsg1-4) unstable; urgency=medium
|
||||||
|
|
||||||
|
[ Helmut Grohne ]
|
||||||
|
* DEP17: Move login and shadowconfig to /usr. (Closes: #1059915)
|
||||||
|
|
||||||
|
-- Serge Hallyn <serge@hallyn.com> Sun, 04 Feb 2024 20:28:27 +0000
|
||||||
|
|
||||||
|
shadow (1:4.13+dfsg1-3) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Team upload
|
||||||
|
* Remove myself from uploaders
|
||||||
|
|
||||||
|
-- Balint Reczey <balint@balintreczey.hu> Sun, 15 Oct 2023 19:10:52 +0200
|
||||||
|
|
||||||
|
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
|
||||||
|
|
||||||
|
[ Balint Reczey ]
|
||||||
|
* debian/gitlab-ci.yml: Use sudo to fix reprotest test
|
||||||
|
* debian/login.pam: Drop reference to Debian Etch (Closes: #1040064)
|
||||||
|
* debian/NEWS: Fix false claim about PREVENT_NO_AUTH affecting authentication.
|
||||||
|
Also drop setting PREVENT_NO_AUTH in shipped login.defs. (Closes: #1041547)
|
||||||
|
* Cherry-pick upstream patch to fix gpasswd passwd leak
|
||||||
|
(CVE-2023-4641) (Closes: #1051062)
|
||||||
|
* Cherry-pick upstream patch to fix chfn vulnerability allowing injection of
|
||||||
|
control characters into some /etc/passwd fields.
|
||||||
|
(CVE-2023-29383) (Closes: #1034482)
|
||||||
|
|
||||||
|
[ Gioele Barabucci ]
|
||||||
|
* Support <nodoc> build profile
|
||||||
|
`xsltproc`, `docbook` and all other XML-related packages are not needed
|
||||||
|
when the `<nodoc>` build profile is active, as long as `./configure` is
|
||||||
|
called with `--disable-man`. (Closes: #1051827)
|
||||||
|
|
||||||
|
|
||||||
|
-- Balint Reczey <balint@balintreczey.hu> Tue, 26 Sep 2023 22:01:52 +0200
|
||||||
|
|
||||||
shadow (1:4.13+dfsg1-1) unstable; urgency=medium
|
shadow (1:4.13+dfsg1-1) unstable; urgency=medium
|
||||||
|
|
||||||
[ Balint Reczey ]
|
[ Balint Reczey ]
|
||||||
|
|||||||
Vendored
+6
-7
@@ -1,7 +1,6 @@
|
|||||||
Source: shadow
|
Source: shadow
|
||||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||||
Uploaders: Balint Reczey <balint@balintreczey.hu>,
|
Uploaders: Serge Hallyn <serge@hallyn.com>
|
||||||
Serge Hallyn <serge@hallyn.com>
|
|
||||||
Section: admin
|
Section: admin
|
||||||
Priority: required
|
Priority: required
|
||||||
Build-Depends: debhelper-compat (= 13),
|
Build-Depends: debhelper-compat (= 13),
|
||||||
@@ -9,13 +8,13 @@ Build-Depends: debhelper-compat (= 13),
|
|||||||
libcrypt-dev,
|
libcrypt-dev,
|
||||||
libpam0g-dev,
|
libpam0g-dev,
|
||||||
quilt,
|
quilt,
|
||||||
xsltproc,
|
xsltproc <!nodoc>,
|
||||||
docbook-xsl,
|
docbook-xsl <!nodoc>,
|
||||||
docbook-xml,
|
docbook-xml <!nodoc>,
|
||||||
libxml2-utils,
|
libxml2-utils <!nodoc>,
|
||||||
libselinux1-dev [linux-any],
|
libselinux1-dev [linux-any],
|
||||||
libsemanage-dev [linux-any],
|
libsemanage-dev [linux-any],
|
||||||
itstool,
|
itstool <!nodoc>,
|
||||||
bison,
|
bison,
|
||||||
libaudit-dev [linux-any]
|
libaudit-dev [linux-any]
|
||||||
Standards-Version: 4.6.1
|
Standards-Version: 4.6.1
|
||||||
|
|||||||
Vendored
+3
-1
@@ -1,5 +1,7 @@
|
|||||||
variables:
|
variables:
|
||||||
RELEASE: 'unstable'
|
RELEASE: 'unstable'
|
||||||
|
# workaround for https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/259
|
||||||
|
SALSA_CI_REPROTEST_ARGS: --vary=domain_host.use_sudo=1
|
||||||
include:
|
include:
|
||||||
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
|
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
|
||||||
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
|
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
|
||||||
|
|||||||
Vendored
-8
@@ -337,14 +337,6 @@ NONEXISTENT /nonexistent
|
|||||||
#
|
#
|
||||||
#GRANT_AUX_GROUP_SUBIDS yes
|
#GRANT_AUX_GROUP_SUBIDS yes
|
||||||
|
|
||||||
#
|
|
||||||
# Prevents an empty password field to be interpreted as "no authentication
|
|
||||||
# required".
|
|
||||||
# Set to "yes" to prevent for all accounts
|
|
||||||
# Set to "superuser" to prevent for UID 0 / root (default)
|
|
||||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
|
||||||
PREVENT_NO_AUTH superuser
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Select the HMAC cryptography algorithm.
|
# Select the HMAC cryptography algorithm.
|
||||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||||
|
|||||||
Vendored
+1
-1
@@ -4,4 +4,4 @@ sbin/nologin usr/sbin
|
|||||||
usr/bin/faillog
|
usr/bin/faillog
|
||||||
usr/bin/lastlog
|
usr/bin/lastlog
|
||||||
usr/bin/newgrp
|
usr/bin/newgrp
|
||||||
bin/login
|
bin/login usr/bin
|
||||||
|
|||||||
Vendored
+1
-1
@@ -49,7 +49,7 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux
|
|||||||
#
|
#
|
||||||
# parsing /etc/environment needs "readenv=1"
|
# parsing /etc/environment needs "readenv=1"
|
||||||
session required pam_env.so readenv=1
|
session required pam_env.so readenv=1
|
||||||
# locale variables are also kept into /etc/default/locale in etch
|
# locale variables can also be set in /etc/default/locale
|
||||||
# reading this file *in addition to /etc/environment* does not hurt
|
# reading this file *in addition to /etc/environment* does not hurt
|
||||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||||
|
|
||||||
|
|||||||
Vendored
+1
-1
@@ -1,5 +1,5 @@
|
|||||||
debian/default/useradd etc/default
|
debian/default/useradd etc/default
|
||||||
debian/shadowconfig sbin
|
debian/shadowconfig usr/sbin
|
||||||
usr/bin/chage
|
usr/bin/chage
|
||||||
usr/bin/chfn
|
usr/bin/chfn
|
||||||
usr/bin/chsh
|
usr/bin/chsh
|
||||||
|
|||||||
@@ -0,0 +1,137 @@
|
|||||||
|
From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alejandro Colomar <alx@kernel.org>
|
||||||
|
Date: Sat, 10 Jun 2023 16:20:05 +0200
|
||||||
|
Subject: [PATCH] gpasswd(1): Fix password leak
|
||||||
|
|
||||||
|
How to trigger this password leak?
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
When gpasswd(1) asks for the new password, it asks twice (as is usual
|
||||||
|
for confirming the new password). Each of those 2 password prompts
|
||||||
|
uses agetpass() to get the password. If the second agetpass() fails,
|
||||||
|
the first password, which has been copied into the 'static' buffer
|
||||||
|
'pass' via STRFCPY(), wasn't being zeroed.
|
||||||
|
|
||||||
|
agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
|
||||||
|
can fail for any of the following reasons:
|
||||||
|
|
||||||
|
- malloc(3) or readpassphrase(3) failure.
|
||||||
|
|
||||||
|
These are going to be difficult to trigger. Maybe getting the system
|
||||||
|
to the limits of memory utilization at that exact point, so that the
|
||||||
|
next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
|
||||||
|
About readpassphrase(3), ENFILE and EINTR seem the only plausible
|
||||||
|
ones, and EINTR probably requires privilege or being the same user;
|
||||||
|
but I wouldn't discard ENFILE so easily, if a process starts opening
|
||||||
|
files.
|
||||||
|
|
||||||
|
- The password is longer than PASS_MAX.
|
||||||
|
|
||||||
|
The is plausible with physical access. However, at that point, a
|
||||||
|
keylogger will be a much simpler attack.
|
||||||
|
|
||||||
|
And, the attacker must be able to know when the second password is being
|
||||||
|
introduced, which is not going to be easy.
|
||||||
|
|
||||||
|
How to read the password after the leak?
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Provoking the leak yourself at the right point by entering a very long
|
||||||
|
password is easy, and inspecting the process stack at that point should
|
||||||
|
be doable. Try to find some consistent patterns.
|
||||||
|
|
||||||
|
Then, search for those patterns in free memory, right after the victim
|
||||||
|
leaks their password.
|
||||||
|
|
||||||
|
Once you get the leak, a program should read all the free memory
|
||||||
|
searching for patterns that gpasswd(1) leaves nearby the leaked
|
||||||
|
password.
|
||||||
|
|
||||||
|
On 6/10/23 03:14, Seth Arnold wrote:
|
||||||
|
> An attacker process wouldn't be able to use malloc(3) for this task.
|
||||||
|
> There's a handful of tools available for userspace to allocate memory:
|
||||||
|
>
|
||||||
|
> - brk / sbrk
|
||||||
|
> - mmap MAP_ANONYMOUS
|
||||||
|
> - mmap /dev/zero
|
||||||
|
> - mmap some other file
|
||||||
|
> - shm_open
|
||||||
|
> - shmget
|
||||||
|
>
|
||||||
|
> Most of these return only pages of zeros to a process. Using mmap of an
|
||||||
|
> existing file, you can get some of the contents of the file demand-loaded
|
||||||
|
> into the memory space on the first use.
|
||||||
|
>
|
||||||
|
> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
|
||||||
|
> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare.
|
||||||
|
>
|
||||||
|
> malloc(3) doesn't zero memory, to our collective frustration, but all the
|
||||||
|
> garbage in the allocations is from previous allocations in the current
|
||||||
|
> process. It isn't leftover from other processes.
|
||||||
|
>
|
||||||
|
> The avenues available for reading the memory:
|
||||||
|
> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
|
||||||
|
> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
|
||||||
|
> - ptrace (requires ptrace privileges, mediated by YAMA)
|
||||||
|
> - causing memory to be swapped to disk, and then inspecting the swap
|
||||||
|
>
|
||||||
|
> These all require a certain amount of privileges.
|
||||||
|
|
||||||
|
How to fix it?
|
||||||
|
~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
memzero(), which internally calls explicit_bzero(3), or whatever
|
||||||
|
alternative the system provides with a slightly different name, will
|
||||||
|
make sure that the buffer is zeroed in memory, and optimizations are not
|
||||||
|
allowed to impede this zeroing.
|
||||||
|
|
||||||
|
This is not really 100% effective, since compilers may place copies of
|
||||||
|
the string somewhere hidden in the stack. Those copies won't get zeroed
|
||||||
|
by explicit_bzero(3). However, that's arguably a compiler bug, since
|
||||||
|
compilers should make everything possible to avoid optimizing strings
|
||||||
|
that are later passed to explicit_bzero(3). But we all know that
|
||||||
|
sometimes it's impossible to have perfect knowledge in the compiler, so
|
||||||
|
this is plausible. Nevertheless, there's nothing we can do against such
|
||||||
|
issues, except minimizing the time such passwords are stored in plain
|
||||||
|
text.
|
||||||
|
|
||||||
|
Security concerns
|
||||||
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
We believe this isn't easy to exploit. Nevertheless, and since the fix
|
||||||
|
is trivial, this fix should probably be applied soon, and backported to
|
||||||
|
all supported distributions, to prevent someone else having more
|
||||||
|
imagination than us to find a way.
|
||||||
|
|
||||||
|
Affected versions
|
||||||
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
All. Bug introduced in shadow 19990709. That's the second commit in
|
||||||
|
the git history.
|
||||||
|
|
||||||
|
Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
|
||||||
|
Reported-by: Alejandro Colomar <alx@kernel.org>
|
||||||
|
Cc: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Cc: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Cc: Seth Arnold <seth.arnold@canonical.com>
|
||||||
|
Cc: Christian Brauner <christian@brauner.io>
|
||||||
|
Cc: Balint Reczey <rbalint@debian.org>
|
||||||
|
Cc: Sam James <sam@gentoo.org>
|
||||||
|
Cc: David Runge <dvzrv@archlinux.org>
|
||||||
|
Cc: Andreas Jaeger <aj@suse.de>
|
||||||
|
Cc: <~hallyn/shadow@lists.sr.ht>
|
||||||
|
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
||||||
|
---
|
||||||
|
src/gpasswd.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
--- a/src/gpasswd.c
|
||||||
|
+++ b/src/gpasswd.c
|
||||||
|
@@ -896,6 +896,7 @@
|
||||||
|
strzero (cp);
|
||||||
|
cp = getpass (_("Re-enter new password: "));
|
||||||
|
if (NULL == cp) {
|
||||||
|
+ memzero (pass, sizeof pass);
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
|
||||||
@@ -0,0 +1,45 @@
|
|||||||
|
From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
|
||||||
|
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
|
||||||
|
Date: Thu, 23 Mar 2023 23:39:38 +0000
|
||||||
|
Subject: [PATCH] Added control character check
|
||||||
|
|
||||||
|
Added control character check, returning -1 (to "err") if control characters are present.
|
||||||
|
---
|
||||||
|
lib/fields.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/fields.c b/lib/fields.c
|
||||||
|
index 640be931..fb51b582 100644
|
||||||
|
--- a/lib/fields.c
|
||||||
|
+++ b/lib/fields.c
|
||||||
|
@@ -21,9 +21,9 @@
|
||||||
|
*
|
||||||
|
* The supplied field is scanned for non-printable and other illegal
|
||||||
|
* characters.
|
||||||
|
- * + -1 is returned if an illegal character is present.
|
||||||
|
- * + 1 is returned if no illegal characters are present, but the field
|
||||||
|
- * contains a non-printable character.
|
||||||
|
+ * + -1 is returned if an illegal or control character is present.
|
||||||
|
+ * + 1 is returned if no illegal or control characters are present,
|
||||||
|
+ * but the field contains a non-printable character.
|
||||||
|
* + 0 is returned otherwise.
|
||||||
|
*/
|
||||||
|
int valid_field (const char *field, const char *illegal)
|
||||||
|
@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (0 == err) {
|
||||||
|
- /* Search if there are some non-printable characters */
|
||||||
|
+ /* Search if there are non-printable or control characters */
|
||||||
|
for (cp = field; '\0' != *cp; cp++) {
|
||||||
|
if (!isprint (*cp)) {
|
||||||
|
err = 1;
|
||||||
|
+ }
|
||||||
|
+ if (!iscntrl (*cp)) {
|
||||||
|
+ err = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
+61
@@ -0,0 +1,61 @@
|
|||||||
|
From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Fri, 31 Mar 2023 14:46:50 +0200
|
||||||
|
Subject: [PATCH] Overhaul valid_field()
|
||||||
|
|
||||||
|
e5905c4b ("Added control character check") introduced checking for
|
||||||
|
control characters but had the logic inverted, so it rejects all
|
||||||
|
characters that are not control ones.
|
||||||
|
|
||||||
|
Cast the character to `unsigned char` before passing to the character
|
||||||
|
checking functions to avoid UB.
|
||||||
|
|
||||||
|
Use strpbrk(3) for the illegal character test and return early.
|
||||||
|
---
|
||||||
|
lib/fields.c | 24 ++++++++++--------------
|
||||||
|
1 file changed, 10 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/fields.c b/lib/fields.c
|
||||||
|
index fb51b582..53929248 100644
|
||||||
|
--- a/lib/fields.c
|
||||||
|
+++ b/lib/fields.c
|
||||||
|
@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
|
||||||
|
|
||||||
|
/* For each character of field, search if it appears in the list
|
||||||
|
* of illegal characters. */
|
||||||
|
+ if (illegal && NULL != strpbrk (field, illegal)) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Search if there are non-printable or control characters */
|
||||||
|
for (cp = field; '\0' != *cp; cp++) {
|
||||||
|
- if (strchr (illegal, *cp) != NULL) {
|
||||||
|
+ unsigned char c = *cp;
|
||||||
|
+ if (!isprint (c)) {
|
||||||
|
+ err = 1;
|
||||||
|
+ }
|
||||||
|
+ if (iscntrl (c)) {
|
||||||
|
err = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (0 == err) {
|
||||||
|
- /* Search if there are non-printable or control characters */
|
||||||
|
- for (cp = field; '\0' != *cp; cp++) {
|
||||||
|
- if (!isprint (*cp)) {
|
||||||
|
- err = 1;
|
||||||
|
- }
|
||||||
|
- if (!iscntrl (*cp)) {
|
||||||
|
- err = -1;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
Vendored
+7
@@ -1,3 +1,10 @@
|
|||||||
|
# CVE-2023-4641
|
||||||
|
0001-gpasswd-1-Fix-password-leak.patch
|
||||||
|
|
||||||
|
# CVE-2023-29383
|
||||||
|
0002-Added-control-character-check.patch
|
||||||
|
0003-Overhaul-valid_field.patch
|
||||||
|
|
||||||
# These patches are only for the testsuite:
|
# These patches are only for the testsuite:
|
||||||
#900_testsuite_groupmems
|
#900_testsuite_groupmems
|
||||||
#901_testsuite_gcov
|
#901_testsuite_gcov
|
||||||
|
|||||||
Vendored
+5
-1
@@ -21,6 +21,10 @@ DEB_CONFIGURE_EXTRA_FLAGS := --without-libcrack \
|
|||||||
--without-tcb \
|
--without-tcb \
|
||||||
SHELL=/bin/sh
|
SHELL=/bin/sh
|
||||||
|
|
||||||
|
ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
|
||||||
|
DEB_CONFIGURE_EXTRA_FLAGS += --disable-man
|
||||||
|
endif
|
||||||
|
|
||||||
# Set the default editor for vipw/vigr
|
# Set the default editor for vipw/vigr
|
||||||
CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
|
CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
|
||||||
|
|
||||||
@@ -38,7 +42,7 @@ endif
|
|||||||
dh_install -a
|
dh_install -a
|
||||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||||
# /bin/login is provided by the hurd package.
|
# /bin/login is provided by the hurd package.
|
||||||
rm -f debian/login/bin/login
|
rm -f debian/login/usr/bin/login
|
||||||
endif
|
endif
|
||||||
|
|
||||||
override_dh_installpam:
|
override_dh_installpam:
|
||||||
|
|||||||
+14
-1
@@ -73,10 +73,20 @@
|
|||||||
the appropriate locks to prevent file corruption. When looking for an
|
the appropriate locks to prevent file corruption. When looking for an
|
||||||
editor, the programs will first try the environment variable
|
editor, the programs will first try the environment variable
|
||||||
<envar>$VISUAL</envar>, then the environment variable
|
<envar>$VISUAL</envar>, then the environment variable
|
||||||
<envar>$EDITOR</envar>, and finally the default editor,
|
<envar>$EDITOR</envar>, then the editor from
|
||||||
|
<filename>~/.selected_editor</filename>, and finally
|
||||||
|
<command>nano</command>.
|
||||||
<citerefentry><refentrytitle>vi</refentrytitle>
|
<citerefentry><refentrytitle>vi</refentrytitle>
|
||||||
<manvolnum>1</manvolnum></citerefentry>.
|
<manvolnum>1</manvolnum></citerefentry>.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
On the first run, if the environment variables <envar>$VISUAL</envar>
|
||||||
|
and <envar>$EDITOR</envar> are both unset, this program asks you for
|
||||||
|
an editor and stores your selection in
|
||||||
|
<filename>~/.selected_editor</filename>. If the editor mentioned
|
||||||
|
therein does not exist on your system, the program will fall back
|
||||||
|
to using <command>nano</command>.
|
||||||
|
</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1 id='options'>
|
<refsect1 id='options'>
|
||||||
@@ -210,6 +220,9 @@
|
|||||||
<citerefentry>
|
<citerefentry>
|
||||||
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
|
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
|
||||||
</citerefentry>
|
</citerefentry>
|
||||||
|
<citerefentry>
|
||||||
|
<refentrytitle>~/.selected_editor</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
</citerefentry>
|
||||||
<citerefentry condition="tcb">
|
<citerefentry condition="tcb">
|
||||||
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
||||||
</citerefentry>,
|
</citerefentry>,
|
||||||
|
|||||||
Reference in New Issue
Block a user