[Pkg-shadow-commits] r918 - trunk/debian/patches
Christian Perrier
bubulle at costa.debian.org
Tue Mar 21 08:58:47 UTC 2006
Author: bubulle
Date: 2006-03-21 08:58:43 +0000 (Tue, 21 Mar 2006)
New Revision: 918
Removed:
trunk/debian/patches/302_fix_generated_man_pages
trunk/debian/patches/303_passwd.1-synopsis
trunk/debian/patches/333_login_more_LOG_UNKFAIL_ENAB
trunk/debian/patches/339_su_PAM_session
trunk/debian/patches/381_userdel_remove_remove_group
trunk/debian/patches/386_nowarn
trunk/debian/patches/390_link_selinux_only_when_needed
trunk/debian/patches/390_useradd_always_unlock_group_databases
trunk/debian/patches/437_su_-c_option
trunk/debian/patches/459_better_document_useradd_-d
trunk/debian/patches/478_nologin.8.xml
trunk/debian/patches/484_su-p_preserve_PATH
trunk/debian/patches/485_shell-env-exitcodes
trunk/debian/patches/489_useradd_allow_non_uniq_uid
trunk/debian/patches/493_selinux_no_proc
trunk/debian/patches/999-2_build_using_cdbs
Log:
Remove patches applied in 4.0.15
Deleted: trunk/debian/patches/302_fix_generated_man_pages
===================================================================
--- trunk/debian/patches/302_fix_generated_man_pages 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/302_fix_generated_man_pages 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,60 +0,0 @@
-Goal: Fix the man pages generation on Debian
- The occurences "’" generated some "’"
-
-Fixes: #341489
-
-Status wrt upstream: will be in 4.0.15 (committed at 2006-01-07)
-
-Note: this could probably be removed if docbook-xsl was updated (1.69.1
- IIRC)
-
-Index: shadow-4.0.14/man/passwd.1.xml
-===================================================================
---- shadow-4.0.14.orig/man/passwd.1.xml 2006-01-03 08:25:06.786563200 +0100
-+++ shadow-4.0.14/man/passwd.1.xml 2006-01-03 08:25:08.843145652 +0100
-@@ -185,8 +185,8 @@
- </term>
- <listitem>
- <para>
-- Immediately expire an account’s password. This in effect can
-- force a user to change his/her password at the user’s next login.
-+ Immediately expire an account's password. This in effect can
-+ force a user to change his/her password at the user's next login.
- </para>
- </listitem>
- </varlistentry>
-@@ -271,7 +271,7 @@
- <listitem>
- <para>
- Display account status information. The status information
-- consists of 7 fields. The first field is the user’s login name.
-+ consists of 7 fields. The first field is the user's login name.
- The second field indicates if the user account is locked (L),
- has no password (NP), or has a usable password (P). The third
- field gives the date of the last password change. The next four
-Index: shadow-4.0.14/man/login.1.xml
-===================================================================
---- shadow-4.0.14.orig/man/login.1.xml 2006-01-03 08:23:47.177723987 +0100
-+++ shadow-4.0.14/man/login.1.xml 2006-01-03 08:25:08.843145652 +0100
-@@ -39,7 +39,7 @@
- <para>
- <command>login</command> is used to establish a new session with the
- system. It is normally invoked automatically by responding to the
-- <emphasis remap='I'>login:</emphasis> prompt on the user´s
-+ <emphasis remap='I'>login:</emphasis> prompt on the user's
- terminal. <command>login</command> may be special to the shell and may
- not be invoked as a sub-process. Typically, <command>login</command>
- is treated by the shell as <emphasis remap='B'>exec login</emphasis>
-Index: shadow-4.0.14/man/su.1.xml
-===================================================================
---- shadow-4.0.14.orig/man/su.1.xml 2006-01-03 08:23:47.178723784 +0100
-+++ shadow-4.0.14/man/su.1.xml 2006-01-03 08:25:08.844145449 +0100
-@@ -42,7 +42,7 @@
-
- <para>
- Additional arguments may be provided after the username, in which case
-- they are supplied to the user´s login shell. In particular, an
-+ they are supplied to the user's login shell. In particular, an
- argument of <option>-c</option> will cause the next argument to be
- treated as a command by most command interpreters. The command will be
- executed by the shell specified in <filename>/etc/passwd</filename>
Deleted: trunk/debian/patches/303_passwd.1-synopsis
===================================================================
--- trunk/debian/patches/303_passwd.1-synopsis 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/303_passwd.1-synopsis 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,35 +0,0 @@
-Goal: Use of a consistent command synopsis for passwd.1
-
-Fixes: #352136
-
-Status wrt to upstream: Will be in 4.0.15
-
-Index: shadow-4.0.14/man/passwd.1.xml
-===================================================================
---- shadow-4.0.14.orig/man/passwd.1.xml 2006-02-22 06:59:27.406418326 +0100
-+++ shadow-4.0.14/man/passwd.1.xml 2006-02-28 18:43:39.510787920 +0100
-@@ -16,22 +16,9 @@
- <refsynopsisdiv id='synopsis'>
- <cmdsynopsis>
- <command>passwd</command>
-- <arg choice='opt'>-x <replaceable>max</replaceable></arg>
-- <arg choice='opt'>-n <replaceable>min</replaceable></arg>
-- <arg choice='opt'>-w <replaceable>warn</replaceable></arg>
-- <arg choice='opt'>-i <replaceable>inact</replaceable></arg>
-- <arg choice='plain'><replaceable>login</replaceable>
-+ <arg choice='opt'>
-+ <replaceable>options</replaceable>
- </arg>
-- </cmdsynopsis>
-- <cmdsynopsis>
-- <command>passwd</command>
-- <group choice='opt'>
-- <arg choice='plain'>-l </arg>
-- <arg choice='plain'>-u </arg>
-- <arg choice='plain'>-d </arg>
-- <arg choice='plain'>-S </arg>
-- <arg choice='plain'>-e </arg>
-- </group>
- <arg choice='plain'><replaceable>login</replaceable></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
Deleted: trunk/debian/patches/333_login_more_LOG_UNKFAIL_ENAB
===================================================================
--- trunk/debian/patches/333_login_more_LOG_UNKFAIL_ENAB 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/333_login_more_LOG_UNKFAIL_ENAB 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,163 +0,0 @@
-Goal: the username should be logged as UNKNOWN if LOG_UNKFAIL_ENAB is not set.
-
-Status wrt upstream: will be in 4.0.15
-
-Notes:
- * This patch also adds the following minor changes (which are not easy to
- extract from this patch):
- + TOO MANY LOGIN... logged if PAM_MAXTRIES or failcount >= retries.
- Upstream only test PAM_MAXTRIES.
- + Print to stderr (in addition to syslog) in case of maximum number of
- tries exceeded.
- + Always prints the number of tries in the syslog entry.
- + add special handling for PAM_ABORT
- * This patch also adds the following non-minor change:
- + add an entry to failog, as when USE_PAM is not defined. (#53164)
- * The patch changed pam_end to PAM_END. This is certainly a mistake.
- PAM_END is pam_close_seesion + pam_end. Here, the session is still not
- open, we don't have to close it.
- * a HAVE_PAM_FAIL_DELAY is missing
-
-Index: shadow-4.0.14/src/login.c
-===================================================================
---- shadow-4.0.14.orig/src/login.c 2006-01-03 08:25:01.557624818 +0100
-+++ shadow-4.0.14/src/login.c 2006-01-03 08:25:01.887557833 +0100
-@@ -629,68 +629,60 @@
- * pay attention to failure count and get rid of
- * MAX_LOGIN_TRIES?
- */
-- retcode = pam_authenticate (pamh, 0);
-- while ((failcount++ < retries) &&
-- ((retcode == PAM_AUTH_ERR) ||
-- (retcode == PAM_USER_UNKNOWN) ||
-- (retcode == PAM_CRED_INSUFFICIENT) ||
-- (retcode == PAM_AUTHINFO_UNAVAIL))) {
-- pam_get_item (pamh, PAM_USER,
-- (const void **) &pam_user);
-- SYSLOG ((LOG_NOTICE,
-- "FAILED LOGIN %d FROM %s FOR %s, %s",
-- failcount, hostname, pam_user,
-- pam_strerror (pamh, retcode)));
--#ifdef HAVE_PAM_FAIL_DELAY
-- pam_fail_delay (pamh, 1000000 * delay);
--#endif
--#ifdef WITH_AUDIT
-- {
-- struct passwd *pw;
-- char buf[64];
--
-- audit_fd = audit_open ();
-- pw = getpwnam (username);
-- if (pw) {
-- snprintf (buf, sizeof (buf),
-- "uid=%d", pw->pw_uid);
-- audit_log_user_message
-- (audit_fd, AUDIT_USER_LOGIN,
-- buf, hostname, NULL,
-- tty, 0);
-- } else {
-- snprintf (buf, sizeof (buf),
-- "acct=%s", username);
-- audit_log_user_message
-- (audit_fd, AUDIT_USER_LOGIN,
-- buf, hostname, NULL,
-- tty, 0);
-- }
-- close (audit_fd);
-- }
--#endif /* WITH_AUDIT */
--
-- fprintf (stderr, _("\nLogin incorrect\n"));
-- pam_set_item (pamh, PAM_USER, NULL);
-- retcode = pam_authenticate (pamh, 0);
-- }
--
-- if (retcode != PAM_SUCCESS) {
-- pam_get_item (pamh, PAM_USER,
-- (const void **) &pam_user);
--
-- if (retcode == PAM_MAXTRIES)
-- SYSLOG ((LOG_NOTICE,
-- "TOO MANY LOGIN TRIES (%d) FROM %s FOR %s, %s",
-- failcount, hostname,
-- pam_user,
-- pam_strerror (pamh, retcode)));
-- else
-- SYSLOG ((LOG_NOTICE,
-- "FAILED LOGIN SESSION FROM %s FOR %s, %s",
-- hostname, pam_user,
-- pam_strerror (pamh, retcode)));
-+ failcount = 0;
-+ while (1) {
-+ const char *failent_user;
-+ failed = 0;
-+
-+ failcount++;
-+ if (delay > 0)
-+ retcode = pam_fail_delay(pamh, 1000000*delay);
-+
-+ retcode = pam_authenticate (pamh, 0);
-+
-+ pam_get_item (pamh, PAM_USER,
-+ (const void **) &pam_user);
-+
-+ if (pam_user && pam_user[0]) {
-+ pwd = getpwnam(pam_user);
-+ if (pwd) {
-+ pwent = *pwd;
-+ failent_user = pwent.pw_name;
-+ } else {
-+ if (getdef_bool("LOG_UNKFAIL_ENAB") && pam_user)
-+ failent_user = pam_user;
-+ else
-+ failent_user = "UNKNOWN";
-+ }
-+ } else {
-+ pwd = NULL;
-+ failent_user = "UNKNOWN";
-+ }
-+
-+ if (retcode == PAM_MAXTRIES || failcount >= retries) {
-+ SYSLOG ((LOG_NOTICE,
-+ "TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
-+ failcount, fromhost, failent_user));
-+ fprintf(stderr,
-+ _("Maximum number of tries exceeded (%d)\n"),
-+ failcount);
-+ PAM_END;
-+ exit(0);
-+ } else if (retcode == PAM_ABORT) {
-+ /* Serious problems, quit now */
-+ fprintf(stderr,_("login: abort requested by PAM\n"));
-+ SYSLOG ((LOG_ERR,"PAM_ABORT returned from pam_authenticate()"));
-+ PAM_END;
-+ exit(99);
-+ } else if (retcode != PAM_SUCCESS) {
-+ SYSLOG ((LOG_NOTICE,"FAILED LOGIN (%d)%s FOR `%s', %s",
-+ failcount, fromhost, failent_user,
-+ pam_strerror (pamh, retcode)));
-+ failed = 1;
-+ }
-
-+ if (!failed)
-+ break;
-
- #ifdef WITH_AUDIT
- {
-@@ -718,11 +710,13 @@
- }
- #endif /* WITH_AUDIT */
-
-- fprintf (stderr, "\nLogin incorrect\n");
-- pam_end (pamh, retcode);
-- exit (0);
-+ fprintf(stderr,"\nLogin incorrect\n");
-+
-+ /* Let's give it another go around */
-+ pam_set_item(pamh,PAM_USER,NULL);
- }
-
-+ /* We don't get here unless they were authenticated above */
- retcode = pam_acct_mgmt (pamh, 0);
-
- if (retcode == PAM_NEW_AUTHTOK_REQD) {
Deleted: trunk/debian/patches/339_su_PAM_session
===================================================================
--- trunk/debian/patches/339_su_PAM_session 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/339_su_PAM_session 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,29 +0,0 @@
-Goal: add pam session ability to su (patch from Topi Miettinen)
-Fixes: #57526, #55873, #57532
-
-Note: this is a rewrite of the previous 439_su_PAM_session
- One difference may be that the session is not closed as root (changing
- this will require a major rewrite of su).
-
-Status wrt upstream: will be in 4.0.15
-
-Index: shadow-4.0.14/src/su.c
-===================================================================
---- shadow-4.0.14.orig/src/su.c 2006-01-03 08:25:00.575824149 +0100
-+++ shadow-4.0.14/src/su.c 2006-01-03 08:25:00.899758382 +0100
-@@ -771,6 +771,7 @@
- SYSLOG ((LOG_ERR, "pam_open_session: %s",
- pam_strerror (pamh, ret)));
- fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
-+ pam_setcred(pamh, PAM_DELETE_CRED);
- pam_end (pamh, ret);
- exit (1);
- }
-@@ -794,6 +795,7 @@
-
- /* become the new user */
- if (change_uid (&pwent)) {
-+ pam_close_session(pamh, 0);
- pam_setcred (pamh, PAM_DELETE_CRED);
- pam_end (pamh, PAM_ABORT);
- exit (1);
Deleted: trunk/debian/patches/381_userdel_remove_remove_group
===================================================================
--- trunk/debian/patches/381_userdel_remove_remove_group 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/381_userdel_remove_remove_group 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,119 +0,0 @@
-Goal: avoid a warning when removing an user.
-
-The user's group is already removed by update_groups. remove_group is not
-needed.
-Thus userdel reports a warning:
-userdel: error removing group entry
-userdel: error removing shadow group entry
-
-Status wrt upstream: will be in 4.0.15
-
-Index: shadow-4.0.14/src/userdel.c
-===================================================================
---- shadow-4.0.14.orig/src/userdel.c 2006-01-09 21:27:19.000000000 +0100
-+++ shadow-4.0.14/src/userdel.c 2006-01-09 21:59:33.000000000 +0100
-@@ -66,9 +66,7 @@
- #define E_HOMEDIR 12 /* can't remove home directory */
- static char *user_name;
- static uid_t user_id;
--static gid_t user_gid;
- static char *user_home;
--static char *user_group;
-
- static char *Prog;
- static int fflg = 0, rflg = 0;
-@@ -265,65 +263,6 @@
- }
-
- /*
-- * remove_group - remove the user's group unless it is not really a user-private group
-- */
--static void remove_group ()
--{
-- char *glist_name;
-- struct group *gr;
-- struct passwd *pwd;
--
-- if (user_group == NULL || user_name == NULL)
-- return;
--
-- if (strcmp (user_name, user_group)) {
-- return;
-- }
--
-- glist_name = NULL;
-- gr = getgrnam (user_group);
-- if (gr)
-- glist_name = *(gr->gr_mem);
-- while (glist_name) {
-- while (glist_name && *glist_name) {
-- if (strncmp (glist_name, user_name, 16)) {
-- return;
-- }
-- glist_name++;
-- }
-- }
--
-- setpwent ();
-- while ((pwd = getpwent ())) {
-- if (strcmp (pwd->pw_name, user_name) == 0)
-- continue;
--
-- if (pwd->pw_gid == user_gid) {
-- return;
-- }
-- }
--
-- /* now actually do the removal if we haven't already returned */
--
-- if (!gr_remove (user_group)) {
-- fprintf (stderr, _("%s: error removing group entry\n"), Prog);
-- }
--#ifdef SHADOWGRP
--
-- /*
-- * Delete the shadow group entries as well.
-- */
--
-- if (is_shadow_grp && !sgr_remove (user_group)) {
-- fprintf (stderr, _("%s: error removing shadow group entry\n"),
-- Prog);
-- }
--#endif /* SHADOWGRP */
-- SYSLOG ((LOG_INFO, "remove group `%s'\n", user_group));
-- return;
--}
--
--/*
- * close_files - close all of the files that were opened
- *
- * close_files() closes all of the files that were opened for this
-@@ -658,7 +597,6 @@
- int main (int argc, char **argv)
- {
- struct passwd *pwd;
-- struct group *grp;
- int arg;
- int errors = 0;
-
-@@ -766,10 +704,6 @@
- #endif
- user_id = pwd->pw_uid;
- user_home = xstrdup (pwd->pw_dir);
-- user_gid = pwd->pw_gid;
-- grp = getgrgid (user_gid);
-- if (grp)
-- user_group = xstrdup (grp->gr_name);
- /*
- * Check to make certain the user isn't logged in.
- */
-@@ -823,9 +757,6 @@
- }
- #endif
-
-- /* Remove the user's group if appropriate. */
-- remove_group ();
--
- if (rflg) {
- if (remove_tree (user_home)
- || rmdir (user_home)) {
Deleted: trunk/debian/patches/386_nowarn
===================================================================
--- trunk/debian/patches/386_nowarn 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/386_nowarn 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,280 +0,0 @@
-Goal: make possible compilation of shadow with -Wall -Werror
-
-Eliminates several reasons for warnings:
-* unused variables
-* non-declared static functions
-* missing extern declarations like nscd_flush_cache ("nscd.h")
-* ambiguaos "else"
-* ??? (what else I forgot)
-
-Status wrt upstream: will be in 4.0.15
-
-Index: shadow-4.0.14/libmisc/setupenv.c
-===================================================================
---- shadow-4.0.14.orig/libmisc/setupenv.c 2006-01-16 18:12:10.862077290 +0200
-+++ shadow-4.0.14/libmisc/setupenv.c 2006-01-16 18:18:17.185919272 +0200
-@@ -43,6 +43,8 @@
- #include "defines.h"
- #include <pwd.h>
- #include "getdef.h"
-+
-+#ifndef USE_PAM
- static void
- addenv_path (const char *varname, const char *dirname, const char *filename)
- {
-@@ -54,8 +56,6 @@
- free (buf);
- }
-
--
--#ifndef USE_PAM
- static void read_env_file (const char *filename)
- {
- FILE *fp;
-Index: shadow-4.0.14/src/login.c
-===================================================================
---- shadow-4.0.14.orig/src/login.c 2006-01-16 18:12:11.252045186 +0200
-+++ shadow-4.0.14/src/login.c 2006-01-16 18:19:31.372811754 +0200
-@@ -261,7 +261,10 @@
-
- static void init_env (void)
- {
-- char *cp, *tmp;
-+#ifndef USE_PAM
-+ char *cp;
-+#endif
-+ char *tmp;
-
- if ((tmp = getenv ("LANG"))) {
- addenv ("LANG", tmp);
-Index: shadow-4.0.14/src/chage.c
-===================================================================
---- shadow-4.0.14.orig/src/chage.c 2006-01-16 18:12:10.735087745 +0200
-+++ shadow-4.0.14/src/chage.c 2006-01-16 18:21:42.643004789 +0200
-@@ -338,7 +338,6 @@
-
- int main (int argc, char **argv)
- {
-- int flag;
- const struct spwd *sp;
- struct spwd spwd;
- uid_t ruid;
-Index: shadow-4.0.14/src/chsh.c
-===================================================================
---- shadow-4.0.14.orig/src/chsh.c 2006-01-16 18:12:11.025063872 +0200
-+++ shadow-4.0.14/src/chsh.c 2006-01-16 18:23:17.887163708 +0200
-@@ -68,6 +68,7 @@
- /* local function prototypes */
- static void usage (void);
- static void new_fields (void);
-+static int check_shell (const char *);
- static int restricted_shell (const char *);
-
- /*
-@@ -117,7 +118,7 @@
- * If getusershell() is available (Linux, *BSD, possibly others), use it
- * instead of re-implementing it.
- */
--int check_shell (const char *sh)
-+static int check_shell (const char *sh)
- {
- char *cp;
- int found = 0;
-Index: shadow-4.0.14/src/gpasswd.c
-===================================================================
---- shadow-4.0.14.orig/src/gpasswd.c 2005-12-06 23:24:59.000000000 +0200
-+++ shadow-4.0.14/src/gpasswd.c 2006-01-16 18:24:46.917834159 +0200
-@@ -45,6 +45,7 @@
- #ifdef SHADOWGRP
- #include "sgroupio.h"
- #endif
-+#include "nscd.h"
- /*
- * Global variables
- */
-Index: shadow-4.0.14/src/newgrp.c
-===================================================================
---- shadow-4.0.14.orig/src/newgrp.c 2006-01-16 18:12:11.253045104 +0200
-+++ shadow-4.0.14/src/newgrp.c 2006-01-16 18:25:52.712417546 +0200
-@@ -485,8 +485,8 @@
- /* wake child when resumed */
- kill (child, SIGCONT);
- }
-- } while (pid == child && WIFSTOPPED (cst) ||
-- pid != child && errno == EINTR);
-+ } while ((pid == child && WIFSTOPPED (cst)) ||
-+ (pid != child && errno == EINTR));
- SYSLOG ((LOG_INFO,
- "user `%s' (login `%s' on %s) returned to group `%s'",
- name, loginname, tty,
-Index: shadow-4.0.14/src/passwd.c
-===================================================================
---- shadow-4.0.14.orig/src/passwd.c 2005-12-06 23:25:00.000000000 +0200
-+++ shadow-4.0.14/src/passwd.c 2006-01-16 18:26:49.170769550 +0200
-@@ -603,7 +603,6 @@
- */
- int main (int argc, char **argv)
- {
-- int flag; /* Current option to process */
- const struct passwd *pw; /* Password file entry for user */
-
- #ifndef USE_PAM
-@@ -898,11 +897,12 @@
-
- SYSLOG ((LOG_INFO, "password for `%s' changed by `%s'", name, myname));
- closelog ();
-- if (!qflg)
-+ if (!qflg) {
- if (!eflg)
- printf (_("Password changed.\n"));
- else
- printf (_("Password set to expire.\n"));
-+ }
- exit (E_SUCCESS);
- /* NOT REACHED */
- }
-Index: shadow-4.0.14/src/groupadd.c
-===================================================================
---- shadow-4.0.14.orig/src/groupadd.c 2006-01-16 18:12:10.736087663 +0200
-+++ shadow-4.0.14/src/groupadd.c 2006-01-16 18:27:32.077237227 +0200
-@@ -86,7 +86,6 @@
- static void grp_update (void);
- static void find_new_gid (void);
- static void check_new_name (void);
--static void process_flags (int, char **);
- static void close_files (void);
- static void open_files (void);
- static void fail_exit (int);
-Index: shadow-4.0.14/src/groupdel.c
-===================================================================
---- shadow-4.0.14.orig/src/groupdel.c 2006-01-16 18:12:10.736087663 +0200
-+++ shadow-4.0.14/src/groupdel.c 2006-01-16 18:28:08.534235864 +0200
-@@ -346,4 +346,5 @@
- #endif
- exit (errors == 0 ? E_SUCCESS : E_GRP_UPDATE);
- /* NOT REACHED */
-+ return 0;
- }
-Index: shadow-4.0.14/src/grpck.c
-===================================================================
---- shadow-4.0.14.orig/src/grpck.c 2006-01-16 18:12:11.004065601 +0200
-+++ shadow-4.0.14/src/grpck.c 2006-01-16 18:29:36.566988470 +0200
-@@ -40,6 +40,7 @@
- #include "defines.h"
- #include "groupio.h"
- #include "prototypes.h"
-+#include "nscd.h"
- extern void __gr_del_entry (const struct commonio_entry *);
- extern struct commonio_entry *__gr_get_head (void);
-
-Index: shadow-4.0.14/src/grpconv.c
-===================================================================
---- shadow-4.0.14.orig/src/grpconv.c 2005-12-06 23:25:00.000000000 +0200
-+++ shadow-4.0.14/src/grpconv.c 2006-01-16 18:30:05.539603267 +0200
-@@ -20,6 +20,7 @@
- #include <time.h>
- #include <unistd.h>
- #include "prototypes.h"
-+#include "nscd.h"
- #ifdef SHADOWGRP
- #include "groupio.h"
- #include "sgroupio.h"
-Index: shadow-4.0.14/src/grpunconv.c
-===================================================================
---- shadow-4.0.14.orig/src/grpunconv.c 2005-12-06 23:25:00.000000000 +0200
-+++ shadow-4.0.14/src/grpunconv.c 2006-01-16 18:30:19.012494096 +0200
-@@ -20,6 +20,7 @@
- #include <unistd.h>
- #include <grp.h>
- #include "prototypes.h"
-+#include "nscd.h"
- #ifdef SHADOWGRP
- #include "groupio.h"
- #include "sgroupio.h"
-Index: shadow-4.0.14/src/newusers.c
-===================================================================
---- shadow-4.0.14.orig/src/newusers.c 2006-01-16 18:12:10.738087498 +0200
-+++ shadow-4.0.14/src/newusers.c 2006-01-16 18:30:47.998107823 +0200
-@@ -53,6 +53,7 @@
- #include "pwio.h"
- #include "groupio.h"
- #include "shadowio.h"
-+#include "nscd.h"
- /*
- * Global variables
- */
-Index: shadow-4.0.14/src/pwck.c
-===================================================================
---- shadow-4.0.14.orig/src/pwck.c 2006-01-16 18:12:11.004065601 +0200
-+++ shadow-4.0.14/src/pwck.c 2006-01-16 18:31:19.454518139 +0200
-@@ -42,6 +42,7 @@
- #include "pwio.h"
- #include "shadowio.h"
- #include "getdef.h"
-+#include "nscd.h"
- extern void __pw_del_entry (const struct commonio_entry *);
- extern struct commonio_entry *__pw_get_head (void);
-
-Index: shadow-4.0.14/src/pwconv.c
-===================================================================
---- shadow-4.0.14.orig/src/pwconv.c 2005-12-06 23:25:00.000000000 +0200
-+++ shadow-4.0.14/src/pwconv.c 2006-01-16 18:31:41.501703080 +0200
-@@ -43,6 +43,7 @@
- #include "prototypes.h"
- #include "pwio.h"
- #include "shadowio.h"
-+#include "nscd.h"
- /*
- * exit status values
- */
-Index: shadow-4.0.14/src/usermod.c
-===================================================================
---- shadow-4.0.14.orig/src/usermod.c 2006-01-16 18:12:10.741087251 +0200
-+++ shadow-4.0.14/src/usermod.c 2006-01-16 18:34:40.291983971 +0200
-@@ -88,19 +88,21 @@
- static gid_t user_gid;
- static gid_t user_newgid;
- static char *user_comment;
--static char *user_newcomment; /* Audit */
- static char *user_home;
- static char *user_newhome;
- static char *user_shell;
--static char *user_newshell; /* Audit */
--
- static long user_expire;
--static long user_newexpire; /* Audit */
- static long user_inactive;
--static long user_newinactive; /* Audit */
- static long sys_ngroups;
- static char **user_groups; /* NULL-terminated list */
-
-+#ifdef WITH_AUDIT
-+static char *user_newcomment; /* Audit */
-+static char *user_newshell; /* Audit */
-+static long user_newexpire; /* Audit */
-+static long user_newinactive; /* Audit */
-+#endif
-+
- static char *Prog;
-
- static int
-@@ -841,7 +843,6 @@
-
- const struct spwd *spwd = NULL;
- int anyflag = 0;
-- int arg;
-
- if (argc == 1 || argv[argc - 1][0] == '-')
- usage ();
-Index: shadow-4.0.14/src/vipw.c
-===================================================================
---- shadow-4.0.14.orig/src/vipw.c 2006-01-16 18:12:10.982067412 +0200
-+++ shadow-4.0.14/src/vipw.c 2006-01-16 18:34:58.995444188 +0200
-@@ -241,7 +241,6 @@
-
- int main (int argc, char **argv)
- {
-- int flag;
- int editshadow = 0;
- char *a;
- int do_vipw;
Deleted: trunk/debian/patches/390_link_selinux_only_when_needed
===================================================================
--- trunk/debian/patches/390_link_selinux_only_when_needed 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/390_link_selinux_only_when_needed 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,72 +0,0 @@
-Goal: Do not link login and su (and others) with libselinux
-
-Status wrt upstream: will be in 4.0.15
-
-Index: shadow-4.0.14/lib/Makefile.am
-===================================================================
---- shadow-4.0.14.orig/lib/Makefile.am 2005-08-31 19:16:44.000000000 +0200
-+++ shadow-4.0.14/lib/Makefile.am 2006-02-09 14:29:37.000000000 +0100
-@@ -6,7 +6,7 @@
- lib_LTLIBRARIES = libshadow.la
-
- libshadow_la_LDFLAGS = -version-info 0:0:0
--libshadow_la_LIBADD = $(INTLLIBS) $(LIBCRYPT) $(LIBSKEY) $(LIBMD) $(LIBSELINUX)
-+libshadow_la_LIBADD = $(INTLLIBS) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
-
- libshadow_la_SOURCES = \
- commonio.c \
-Index: shadow-4.0.14/src/Makefile.am
-===================================================================
---- shadow-4.0.14.orig/src/Makefile.am 2006-02-09 14:21:44.000000000 +0100
-+++ shadow-4.0.14/src/Makefile.am 2006-02-09 14:45:25.000000000 +0100
-@@ -52,29 +52,37 @@
- $(top_builddir)/lib/libshadow.la
- AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
-
--chage_LDADD = $(LDADD) $(LIBAUDIT)
--chfn_LDADD = $(LDADD) $(LIBPAM)
--chsh_LDADD = $(LDADD) $(LIBPAM)
--chpasswd_LDADD = $(LDADD)
--gpasswd_LDADD = $(LDADD) $(LIBAUDIT)
--groupadd_LDADD = $(LDADD) $(LIBAUDIT)
--groupdel_LDADD = $(LDADD) $(LIBAUDIT)
--groupmod_LDADD = $(LDADD) $(LIBAUDIT)
-+chage_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
-+chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
-+chpasswd_LDADD = $(LDADD) $(LIBSELINUX)
-+gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+groupadd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+groupdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+groupmod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
- login_SOURCES = \
- login.c \
- login_nopam.c
- login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
- newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
--newusers_LDADD = $(LDADD)
-+newusers_LDADD = $(LDADD) $(LIBSELINUX)
- nologin_LDADD =
--passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT)
-+passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX)
- su_SOURCES = \
- su.c \
- suauth.c
- su_LDADD = $(LDADD) $(LIBPAM)
--useradd_LDADD = $(LDADD) $(LIBAUDIT)
--userdel_LDADD = $(LDADD) $(LIBAUDIT)
--usermod_LDADD = $(LDADD) $(LIBAUDIT)
-+useradd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+userdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+usermod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+grpck_LDADD = $(LDADD) $(LIBSELINUX)
-+grpconv_LDADD = $(LDADD) $(LIBSELINUX)
-+grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
-+pwck_LDADD = $(LDADD) $(LIBSELINUX)
-+pwconv_LDADD = $(LDADD) $(LIBSELINUX)
-+pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
-+vipw_LDADD = $(LDADD) $(LIBSELINUX)
-+cppw_LDADD = $(LDADD) $(LIBSELINUX)
-
- install-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
Deleted: trunk/debian/patches/390_useradd_always_unlock_group_databases
===================================================================
--- trunk/debian/patches/390_useradd_always_unlock_group_databases 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/390_useradd_always_unlock_group_databases 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,38 +0,0 @@
-Goal: A lock is always created on the group and gshadow databases, it
- should always be removed (not only if do_grp_update).
-
-Fixes: #348250
-
-Status wrt upstream: will be in 4.0.15
-
-Index: shadow-4.0.14/src/useradd.c
-===================================================================
---- shadow-4.0.14.orig/src/useradd.c 2006-02-07 13:11:46.000000000 +0100
-+++ shadow-4.0.14/src/useradd.c 2006-02-07 13:13:15.000000000 +0100
-@@ -1273,7 +1273,6 @@
- _("%s: cannot rewrite group file\n"), Prog);
- fail_exit (E_GRP_UPDATE);
- }
-- gr_unlock ();
- #ifdef SHADOWGRP
- if (is_shadow_grp && !sgr_close ()) {
- fprintf (stderr,
-@@ -1282,13 +1281,16 @@
- Prog);
- fail_exit (E_GRP_UPDATE);
- }
-- if (is_shadow_grp)
-- sgr_unlock ();
- #endif
- }
- if (is_shadow_pwd)
- spw_unlock ();
- pw_unlock ();
-+ gr_unlock ();
-+#ifdef SHADOWGRP
-+ if (is_shadow_grp)
-+ sgr_unlock ();
-+#endif
- }
-
- /*
Deleted: trunk/debian/patches/437_su_-c_option
===================================================================
--- trunk/debian/patches/437_su_-c_option 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/437_su_-c_option 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,94 +0,0 @@
-Status wrt upstream: will be in 4.0.15 (committed at 2006-01-07)
-
-Index: shadow-4.0.14/src/su.c
-===================================================================
---- shadow-4.0.14.orig/src/su.c 2006-01-04 22:34:17.000000000 +0100
-+++ shadow-4.0.14/src/su.c 2006-01-04 22:34:46.000000000 +0100
-@@ -274,6 +274,7 @@
- fprintf (stderr, _("Usage: su [options] [login]\n"
- "\n"
- "Options:\n"
-+ " -c, --command COMMAND pass COMMAND to the invoked shell using its -c option\n"
- " -h, --help display this help message and exit\n"
- " -, -l, --login make the shell a login shell\n"
- " -m, -p,\n"
-@@ -304,7 +305,7 @@
- uid_t my_uid;
- struct passwd *pw = 0;
- char **envp = environ;
-- char *shellstr = 0;
-+ char *command = 0, *shellstr = 0;
- char *tmp_name;
-
- #ifdef USE_PAM
-@@ -347,6 +348,7 @@
- int option_index = 0;
- int c;
- static struct option long_options[] = {
-+ {"command", required_argument, NULL, 'c'},
- {"help", no_argument, NULL, 'h'},
- {"login", no_argument, NULL, 'l'},
- {"preserve-environment", no_argument, NULL, 'p'},
-@@ -355,7 +357,7 @@
- };
-
- while ((c =
-- getopt_long (argc, argv, "-hlmps:", long_options,
-+ getopt_long (argc, argv, "-c:hlmps:", long_options,
- &option_index)) != -1) {
- switch (c) {
- case 1:
-@@ -368,6 +370,9 @@
- optind--;
- goto end_su_options;
- break; /* NOT REACHED */
-+ case 'c':
-+ command = optarg;
-+ break;
- case 'h':
- usage ();
- break;
-@@ -449,6 +454,8 @@
- }
-
- doshell = argc == optind; /* any arguments remaining? */
-+ if (command)
-+ doshell = 0;
-
- /*
- * Get the user's real name. The current UID is used to determine
-@@ -868,6 +875,11 @@
- if (!doshell) {
- /* Position argv to the remaining arguments */
- argv += optind;
-+ if (command) {
-+ argv -= 2;
-+ argv[0] = "-c";
-+ argv[1] = command;
-+ }
- /*
- * Use the shell and create an argv
- * with the rest of the command line included.
-Index: shadow-4.0.14/man/su.1.xml
-===================================================================
---- shadow-4.0.14.orig/man/su.1.xml 2006-01-04 22:34:24.000000000 +0100
-+++ shadow-4.0.14/man/su.1.xml 2006-01-04 22:35:38.000000000 +0100
-@@ -82,6 +82,18 @@
- <variablelist remap='IP'>
- <varlistentry>
- <term>
-+ <option>-c</option>, <option>--command</option>
-+ <replaceable>SHELL</replaceable>
-+ </term>
-+ <listitem>
-+ <para>
-+ Specify a command that will be invoked by the shell using its
-+ <option>-c</option>.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
-+ <term>
- <option>-</option>, <option>-l</option>, <option>--login</option>
- </term>
- <listitem>
Deleted: trunk/debian/patches/459_better_document_useradd_-d
===================================================================
--- trunk/debian/patches/459_better_document_useradd_-d 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/459_better_document_useradd_-d 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,32 +0,0 @@
-Goal: Better document that -d will not add the user's home directory
- if it does not already exist
-
-Status wrt upstream: will be in 4.0.15 (committed at 2006-01-07)
-
-Fixes: #154996
-
-Index: shadow-4.0.14/man/useradd.8.xml
-===================================================================
---- shadow-4.0.14.orig/man/useradd.8.xml 2006-01-03 08:25:06.117698998 +0100
-+++ shadow-4.0.14/man/useradd.8.xml 2006-01-03 08:25:07.784360617 +0100
-@@ -73,8 +73,8 @@
- The default base directory for the system if <option>-d</option>
- dir is not specified. <replaceable>BASE_DIR</replaceable> is
- concatenated with the account name to define the home directory.
-- If the <option>-m</option> option is not used, base_dir must
-- exist.
-+ If the <option>-m</option> option is not used,
-+ <replaceable>BASE_DIR</replaceable> must exist.
- </para>
- </listitem>
- </varlistentry>
-@@ -90,7 +90,8 @@
- login directory. The default is to append the
- <replaceable>LOGIN</replaceable> name to
- <replaceable>BASE_DIR</replaceable> and use that as the login
-- directory name.
-+ directory name. The directory <replaceable>HOME_DIR</replaceable>
-+ does not have to exist but will not be created if it is missing.
- </para>
- </listitem>
- </varlistentry>
Deleted: trunk/debian/patches/478_nologin.8.xml
===================================================================
--- trunk/debian/patches/478_nologin.8.xml 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/478_nologin.8.xml 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,120 +0,0 @@
-Status wrt upstream: will be in 4.0.15 (committed at 2006-01-07)
-
-Index: shadow-4.0.14/man/Makefile.am
-===================================================================
---- shadow-4.0.14.orig/man/Makefile.am 2006-01-03 08:23:46.980763965 +0100
-+++ shadow-4.0.14/man/Makefile.am 2006-01-03 08:25:10.219866135 +0100
-@@ -26,6 +26,7 @@
- logoutd.8.xml \
- newgrp.1.xml \
- newusers.8.xml \
-+ nologin.8.xml \
- passwd.1.xml \
- passwd.5.xml \
- porttime.5.xml \
-@@ -67,6 +68,7 @@
- logoutd.8 \
- newgrp.1 \
- newusers.8 \
-+ nologin.8 \
- passwd.1 \
- passwd.5 \
- porttime.5 \
-@@ -175,6 +177,9 @@
- newusers.8: newusers.8.xml
- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
-
-+nologin.8: nologin.8.xml
-+ $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
-+
- passwd.1: passwd.1.xml
- $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
-
-Index: shadow-4.0.14/man/nologin.8.xml
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ shadow-4.0.14/man/nologin.8.xml 2006-01-03 08:25:10.219866135 +0100
-@@ -0,0 +1,83 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-+<refentry id='newusers.8'>
-+ <!-- $Id: $ -->
-+ <!--
-+ Conversion to XML from the nologin.8 man page distributed by FreeBSD:
-+
-+ Copyright (c) 1993
-+ The Regents of the University of California. All rights reserved.
-+
-+ Redistribution and use in source and binary forms, with or without
-+ modification, are permitted provided that the following conditions
-+ are met:
-+ 1. Redistributions of source code must retain the above copyright
-+ notice, this list of conditions and the following disclaimer.
-+ 2. Redistributions in binary form must reproduce the above copyright
-+ notice, this list of conditions and the following disclaimer in the
-+ documentation and/or other materials provided with the distribution.
-+ 4. Neither the name of the University nor the names of its contributors
-+ may be used to endorse or promote products derived from this software
-+ without specific prior written permission.
-+
-+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ SUCH DAMAGE.-->
-+ <refmeta>
-+ <refentrytitle>nologin</refentrytitle>
-+ <manvolnum>8</manvolnum>
-+ <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
-+ </refmeta>
-+ <refnamediv id='name'>
-+ <refname>nologin</refname>
-+ <refpurpose>politely refuse a login</refpurpose>
-+ </refnamediv>
-+ <!-- body begins here -->
-+ <refsynopsisdiv id='synopsis'>
-+ <cmdsynopsis>
-+ <command>nologin</command>
-+ </cmdsynopsis>
-+ </refsynopsisdiv>
-+
-+ <refsect1 id='description'>
-+ <title>DESCRIPTION</title>
-+ <para>
-+ <command>nologin</command> displays a message that an account is not
-+ available and exits non-zero. It is intended as a replacement shell field
-+ for accounts that have been disabled.
-+ </para>
-+ <para>
-+ To disable all logins, investigate
-+ <citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
-+ </citerefentry>.
-+ </para>
-+ </refsect1>
-+
-+ <refsect1 id='see_also'>
-+ <title>SEE ALSO</title>
-+ <para>
-+ <citerefentry>
-+ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
-+ </citerefentry>,
-+ <citerefentry>
-+ <refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
-+ </citerefentry>.
-+ </para>
-+ </refsect1>
-+
-+ <refsect1 id='history'>
-+ <title>HYSTORY</title>
-+ <para>
-+ The <command>nologin</command> command appeared in BSD 4.4.
-+ </para>
-+ </refsect1>
-+</refentry>
Deleted: trunk/debian/patches/484_su-p_preserve_PATH
===================================================================
--- trunk/debian/patches/484_su-p_preserve_PATH 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/484_su-p_preserve_PATH 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,166 +0,0 @@
-Goal: preserve the environment when -p is used and su starts a shell
-Fixes: #347935
-
-When su -p started a shell, some environment variables were not preserved
-(e.g. PATH). Problem was caused by shell() function from libmisc/shell.c
-using global variable "newenvp" for passing environment, while in other
-places global variable "environ" is used/assumed.
-
-Patch replaces shell() calls in su.c with shelle() ones, which explicitly
-pass environment as 3rd parameter.
-
-Status wrt upstream: will be in 4.0.15
-
-Note: On Linux, shell() doesn't provide anything significant. Just an
-execv could be simplier.
-shell/shelle() vs. execv() differences:
-1. exits/returns EINVAL when 1st argument (name of executable) is NULL
-2. when ARGV is NULL, forges argv[0] by prepending "-" to image name
-3. prints "Executing shell ..." message when built with DEBUG
-4. handles non-Linux ENOEXEC
-5. prints "Cannot execute ..." error message when execle() fails
-
-(1) probably isn't possible when calling shell() from su.c -- it's always
-being provided with executable filename.
-
-Index: shadow-4.0.14/src/su.c
-===================================================================
---- shadow-4.0.14.orig/src/su.c 2006-01-16 02:51:03.000000000 +0200
-+++ shadow-4.0.14/src/su.c 2006-01-16 03:23:07.000000000 +0200
-@@ -174,7 +174,8 @@
- * have been applied. Some work was needed to get it integrated into
- * su.c from shadow.
- */
--static void run_shell (const char *shellstr, char *args[], int doshell)
-+static void run_shell (const char *shellstr, char *args[], int doshell,
-+ char *const envp[])
- {
- int child;
- sigset_t ourset;
-@@ -186,9 +187,9 @@
- pam_end (pamh, PAM_SUCCESS);
-
- if (doshell)
-- shell (shellstr, (char *) args[0]);
-+ shelle (shellstr, (char *) args[0], envp);
- else
-- (void) execv (shellstr, (char **) args);
-+ (void) execve (shellstr, (char **) args, envp);
- {
- int exit_status = (errno == ENOENT ? 127 : 126);
-
-@@ -307,6 +308,7 @@
- char **envp = environ;
- char *command = 0, *shellstr = 0;
- char *tmp_name;
-+ int exit_status = 0;
-
- #ifdef USE_PAM
- int ret;
-@@ -904,19 +906,22 @@
- */
- argv[-1] = cp;
- #ifndef USE_PAM
-- (void) execv (shellstr, &argv[-1]);
--#else
-- run_shell (shellstr, &argv[-1], 0);
--#endif
-+ (void) execve (shellstr, &argv[-1], environ);
-+ exit_status = errno == ENOENT ? 127 : 126;
- (void) fprintf (stderr, _("No shell\n"));
- SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
- closelog ();
-- exit (1);
-+ exit (exit_status);
-+#else
-+ run_shell (shellstr, &argv[-1], 0, environ); /* no return */
-+#endif
- }
- #ifndef USE_PAM
-- shell (shellstr, cp);
-+ exit_status = shelle (shellstr, cp, environ);
-+ exit_status = exit_status == ENOENT ? 127 : 126;
-+ exit (exit_status);
- #else
-- run_shell (shellstr, &cp, 1);
-+ run_shell (shellstr, &cp, 1, environ);
- #endif
- /* NOT REACHED */
- exit (1);
-Index: shadow-4.0.14/lib/prototypes.h
-===================================================================
---- shadow-4.0.14.orig/lib/prototypes.h 2006-01-16 02:50:22.000000000 +0200
-+++ shadow-4.0.14/lib/prototypes.h 2006-01-16 03:22:27.000000000 +0200
-@@ -150,6 +150,7 @@
-
- /* shell.c */
- extern void shell (const char *, const char *);
-+extern int shelle (const char *, const char *, char *const *);
-
- /* strtoday.c */
- extern long strtoday (const char *);
-Index: shadow-4.0.14/libmisc/shell.c
-===================================================================
---- shadow-4.0.14.orig/libmisc/shell.c 2006-01-16 02:50:22.000000000 +0200
-+++ shadow-4.0.14/libmisc/shell.c 2006-01-16 03:24:12.000000000 +0200
-@@ -38,8 +38,15 @@
- extern char **newenvp;
- extern size_t newenvc;
-
-+/* shell - left here for compatibility (actually being frontend to shelle) */
-+void shell (const char *file, const char *arg) {
-+ int err;
-+ err = shelle (file, arg, newenvp);
-+ if (err) exit (1);
-+}
-+
- /*
-- * shell - execute the named program
-+ * shelle - execute the named program
- *
- * shell begins by trying to figure out what argv[0] is going to
- * be for the named process. The user may pass in that argument,
-@@ -51,13 +58,15 @@
- * the file. If all that fails, give up in disgust ...
- */
-
--void shell (const char *file, const char *arg)
-+int shelle (const char *file, const char *arg, char *const envp[])
- {
- char arg0[1024];
- int err;
-
-- if (file == (char *) 0)
-- exit (1);
-+ if (file == (char *) 0) {
-+ errno = EINVAL;
-+ return errno;
-+ }
-
- /*
- * The argv[0]'th entry is usually the path name, but
-@@ -80,7 +89,7 @@
- * grief.
- */
-
-- execle (file, arg, (char *) 0, newenvp);
-+ execle (file, arg, (char *) 0, envp);
- err = errno;
-
- /* Linux handles #! in the kernel, and bash doesn't make
-@@ -100,7 +109,7 @@
- if (getc (fp) == '#' && getc (fp) == '!') {
- fclose (fp);
- execle ("/bin/sh", "sh",
-- file, (char *) 0, newenvp);
-+ file, (char *) 0, envp);
- err = errno;
- } else {
- fclose (fp);
-@@ -118,5 +127,5 @@
- snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
- errno = err;
- perror (arg0);
-- exit (1);
-+ return err;
- }
Deleted: trunk/debian/patches/485_shell-env-exitcodes
===================================================================
--- trunk/debian/patches/485_shell-env-exitcodes 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/485_shell-env-exitcodes 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,285 +0,0 @@
-Goal: change shell() prototype and introduce E_CMD_{NOEXEC|NOTFOUND}
-
-Status wrt upstream: will be in 4.0.15
-
-Index: shadow-4.0.14/src/sulogin.c
-===================================================================
---- shadow-4.0.14.orig/src/sulogin.c 2006-01-20 22:34:15.000000000 +0200
-+++ shadow-4.0.14/src/sulogin.c 2006-01-20 22:34:53.000000000 +0200
-@@ -39,6 +39,7 @@
- #include "getdef.h"
- #include "prototypes.h"
- #include "pwauth.h"
-+#include "exitcodes.h"
- /*
- * Global variables
- */
-@@ -76,6 +77,7 @@
- char *cp;
- char **envp = environ;
- TERMIO termio;
-+ int err = 0;
-
- #ifdef USE_TERMIO
- ioctl (0, TCGETA, &termio);
-@@ -220,6 +222,8 @@
- #ifdef USE_SYSLOG
- closelog ();
- #endif
-- shell (pwent.pw_shell, (char *) 0); /* exec the shell finally. */
-- /*NOTREACHED*/ return (0);
-+ /* exec the shell finally. */
-+ err = shell (pwent.pw_shell, (char *) 0, environ);
-+ exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
-+ /*NOTREACHED*/ return (0);
- }
-Index: shadow-4.0.14/lib/exitcodes.h
-===================================================================
---- shadow-4.0.14.orig/lib/exitcodes.h 2006-01-20 22:34:15.000000000 +0200
-+++ shadow-4.0.14/lib/exitcodes.h 2006-01-20 22:34:53.000000000 +0200
-@@ -11,3 +11,5 @@
- #define E_SHADOW_NOTFOUND 15 /* not found shadow password file */
- #define E_GROUP_NOTFOUND 16 /* not found group file */
- #define E_GSHADOW_NOTFOUND 17 /* not found shadow group file */
-+#define E_CMD_NOEXEC 126 /* can't run command/shell */
-+#define E_CMD_NOTFOUND 127 /* can't find command/shell to run */
-Index: shadow-4.0.14/src/login.c
-===================================================================
---- shadow-4.0.14.orig/src/login.c 2006-01-20 22:34:15.000000000 +0200
-+++ shadow-4.0.14/src/login.c 2006-01-20 22:34:53.000000000 +0200
-@@ -47,6 +47,7 @@
- #include "getdef.h"
- #include "prototypes.h"
- #include "pwauth.h"
-+#include "exitcodes.h"
- #ifdef USE_PAM
- #include "pam_defs.h"
-
-@@ -333,6 +334,7 @@
- int flag;
- int subroot = 0;
- int is_console;
-+ int err;
- const char *cp;
- char *tmp;
- char fromhost[512];
-@@ -1151,10 +1153,12 @@
- SYSLOG ((LOG_INFO, "`%s' logged in %s", username, fromhost));
- #endif
- closelog ();
-- if ((tmp = getdef_str ("FAKE_SHELL")) != NULL) {
-- shell (tmp, pwent.pw_shell); /* fake shell */
-- }
-- shell (pwent.pw_shell, (char *) 0); /* exec the shell finally. */
-+ if ((tmp = getdef_str ("FAKE_SHELL")) != NULL)
-+ err = shell (tmp, pwent.pw_shell, newenvp); /* fake shell */
-+ else
-+ /* exec the shell finally */
-+ err = shell (pwent.pw_shell, (char *) 0, newenvp);
-+ exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- /* NOT REACHED */
- return 0;
- }
-Index: shadow-4.0.14/src/newgrp.c
-===================================================================
---- shadow-4.0.14.orig/src/newgrp.c 2006-01-20 22:34:15.000000000 +0200
-+++ shadow-4.0.14/src/newgrp.c 2006-01-20 22:34:54.000000000 +0200
-@@ -38,9 +38,11 @@
- #include "defines.h"
- #include "getdef.h"
- #include "prototypes.h"
-+#include "exitcodes.h"
- /*
- * Global variables
- */
-+extern char **newenvp;
- extern char **environ;
-
- #ifdef HAVE_SETGROUPS
-@@ -103,6 +105,7 @@
- int needspasswd = 0;
- int i;
- int cflag = 0;
-+ int err = 0;
- gid_t gid;
- char *cp;
- const char *cpasswd, *name, *prog;
-@@ -556,13 +559,8 @@
- audit_logger (AUDIT_USER_START, Prog, "changing",
- NULL, getuid (), 0);
- #endif
-- if (errno == ENOENT) {
-- perror ("/bin/sh");
-- exit (127);
-- } else {
-- perror ("/bin/sh");
-- exit (126);
-- }
-+ perror ("/bin/sh");
-+ exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- }
-
- /*
-@@ -631,7 +629,8 @@
- * Exec the login shell and go away. We are trying to get back to
- * the previous environment which should be the user's login shell.
- */
-- shell (prog, initflag ? (char *) 0 : cp);
-+ err = shell (prog, initflag ? (char *) 0 : cp, newenvp);
-+ exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- /* NOTREACHED */
- failure:
-
-Index: shadow-4.0.14/src/su.c
-===================================================================
---- shadow-4.0.14.orig/src/su.c 2006-01-20 22:34:30.000000000 +0200
-+++ shadow-4.0.14/src/su.c 2006-01-20 22:34:54.000000000 +0200
-@@ -187,14 +187,10 @@
- pam_end (pamh, PAM_SUCCESS);
-
- if (doshell)
-- shelle (shellstr, (char *) args[0], envp);
-+ (void) shell (shellstr, (char *) args[0], envp);
- else
- (void) execve (shellstr, (char **) args, envp);
-- {
-- int exit_status = (errno == ENOENT ? 127 : 126);
--
-- exit (exit_status);
-- }
-+ exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- } else if (child == -1) {
- (void) fprintf (stderr, "%s: Cannot fork user shell\n", Prog);
- SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
-@@ -308,11 +304,11 @@
- char **envp = environ;
- char *command = 0, *shellstr = 0;
- char *tmp_name;
-- int exit_status = 0;
-
- #ifdef USE_PAM
- int ret;
- #else /* !USE_PAM */
-+ int err = 0;
- RETSIGTYPE (*oldsig) ();
- int is_console = 0;
-
-@@ -907,19 +903,19 @@
- argv[-1] = cp;
- #ifndef USE_PAM
- (void) execve (shellstr, &argv[-1], environ);
-- exit_status = errno == ENOENT ? 127 : 126;
-+ err = errno;
- (void) fprintf (stderr, _("No shell\n"));
- SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
- closelog ();
-- exit (exit_status);
-+ exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- #else
-- run_shell (shellstr, &argv[-1], 0, environ); /* no return */
-+ run_shell (shellstr, &argv[-1], 0, environ);
-+ /* no return */
- #endif
- }
- #ifndef USE_PAM
-- exit_status = shelle (shellstr, cp, environ);
-- exit_status = exit_status == ENOENT ? 127 : 126;
-- exit (exit_status);
-+ err = shell (shellstr, cp, environ);
-+ exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- #else
- run_shell (shellstr, &cp, 1, environ);
- #endif
-Index: shadow-4.0.14/libmisc/age.c
-===================================================================
---- shadow-4.0.14.orig/libmisc/age.c 2006-01-20 22:34:15.000000000 +0200
-+++ shadow-4.0.14/libmisc/age.c 2006-01-20 22:34:54.000000000 +0200
-@@ -35,6 +35,7 @@
- #include <errno.h>
- #include "prototypes.h"
- #include "defines.h"
-+#include "exitcodes.h"
- #include <pwd.h>
- #include <grp.h>
-
-@@ -125,7 +126,7 @@
- execl (PASSWD_PROGRAM, PASSWD_PROGRAM, pw->pw_name, (char *) 0);
- err = errno;
- perror ("Can't execute " PASSWD_PROGRAM);
-- _exit ((err == ENOENT) ? 127 : 126);
-+ _exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- } else if (pid == -1) {
- perror ("fork");
- exit (1);
-Index: shadow-4.0.14/src/userdel.c
-===================================================================
---- shadow-4.0.14.orig/src/userdel.c 2006-01-20 22:34:15.000000000 +0200
-+++ shadow-4.0.14/src/userdel.c 2006-01-20 22:34:54.000000000 +0200
-@@ -51,6 +51,7 @@
- #include "pwauth.h"
- #include "pwio.h"
- #include "shadowio.h"
-+#include "exitcodes.h"
- #ifdef SHADOWGRP
- #include "sgroupio.h"
- #endif
-@@ -512,13 +513,8 @@
- pid = fork ();
- if (pid == 0) {
- execl (cmd, cmd, user, (char *) 0);
-- if (errno == ENOENT) {
-- perror (cmd);
-- _exit (127);
-- } else {
-- perror (cmd);
-- _exit (126);
-- }
-+ perror (cmd);
-+ _exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
- } else if (pid == -1) {
- perror ("fork");
- return;
-Index: shadow-4.0.14/lib/prototypes.h
-===================================================================
---- shadow-4.0.14.orig/lib/prototypes.h 2006-01-20 22:34:30.000000000 +0200
-+++ shadow-4.0.14/lib/prototypes.h 2006-01-20 22:35:15.000000000 +0200
-@@ -149,8 +149,7 @@
- extern void setup_env (struct passwd *);
-
- /* shell.c */
--extern void shell (const char *, const char *);
--extern int shelle (const char *, const char *, char *const *);
-+extern int shell (const char *, const char *, char *const *);
-
- /* strtoday.c */
- extern long strtoday (const char *);
-Index: shadow-4.0.14/libmisc/shell.c
-===================================================================
---- shadow-4.0.14.orig/libmisc/shell.c 2006-01-20 22:34:30.000000000 +0200
-+++ shadow-4.0.14/libmisc/shell.c 2006-01-20 22:35:30.000000000 +0200
-@@ -38,15 +38,8 @@
- extern char **newenvp;
- extern size_t newenvc;
-
--/* shell - left here for compatibility (actually being frontend to shelle) */
--void shell (const char *file, const char *arg) {
-- int err;
-- err = shelle (file, arg, newenvp);
-- if (err) exit (1);
--}
--
- /*
-- * shelle - execute the named program
-+ * shell - execute the named program
- *
- * shell begins by trying to figure out what argv[0] is going to
- * be for the named process. The user may pass in that argument,
-@@ -58,7 +51,7 @@
- * the file. If all that fails, give up in disgust ...
- */
-
--int shelle (const char *file, const char *arg, char *const envp[])
-+int shell (const char *file, const char *arg, char *const envp[])
- {
- char arg0[1024];
- int err;
Deleted: trunk/debian/patches/489_useradd_allow_non_uniq_uid
===================================================================
--- trunk/debian/patches/489_useradd_allow_non_uniq_uid 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/489_useradd_allow_non_uniq_uid 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,27 +0,0 @@
-Goal: allow non-unique UID
-
-Fixes: #351281
-
-Status wrt upstream: fixed in 4.0.15
-
-Index: shadow-4.0.14/src/useradd.c
-===================================================================
---- shadow-4.0.14.orig/src/useradd.c 2006-01-24 01:13:37.000000000 +0100
-+++ shadow-4.0.14/src/useradd.c 2006-02-04 13:56:09.000000000 +0100
-@@ -1757,10 +1757,12 @@
- */
- open_files ();
-
-- /* first, seek for a valid uid to use for this user.
-- * We do this because later we can use the uid we found as
-- * gid too ... --gafton */
-- find_new_uid ();
-+ if (!oflg){
-+ /* first, seek for a valid uid to use for this user.
-+ * We do this because later we can use the uid we found as
-+ * gid too ... --gafton */
-+ find_new_uid ();
-+ }
-
- /* do we have to add a group for that user? This is why we need to
- * open the group files in the open_files() function --gafton */
Deleted: trunk/debian/patches/493_selinux_no_proc
===================================================================
--- trunk/debian/patches/493_selinux_no_proc 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/493_selinux_no_proc 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,85 +0,0 @@
-Goal: Do not fail if /proc is not mounted
- (passwd, chfn, chage, chsh)
-
-Fixes: #352494, #353562
-
-Note: It works on non-SELinux systems, and when /proc is not mounted.
- I don't know if it works on SELinux systems.
-
- IMHO, the following should be tested:
- * try to use chage on another user's account
- * try to use chfn on another user's account
- * try to use chsh on another user's account
- * try to chnage the password of another user's account
-
- In the following cases:
- + from an UID=0 account without SELinux permission
- + from an UID!=0 account with SELinux permission
- + from an UID=0 account with SELinux permission
- + from an UID!=0 account with SELinux permission
-
- (only the two laters should be permitted)
-
-The "with SELinux permission" probably means passwd, chfn, chsh or rootok
-in an SELinux policy.
-
-Status wrt to upstream: Will be in 4.0.15
-
-Index: shadow-4.0.14/src/chage.c
-===================================================================
---- shadow-4.0.14.orig/src/chage.c 2006-02-20 20:49:21.000000000 +0100
-+++ shadow-4.0.14/src/chage.c 2006-02-20 20:49:22.000000000 +0100
-@@ -361,11 +361,10 @@
- textdomain (PACKAGE);
-
- ruid = getuid ();
--#ifdef WITH_SELINUX
-- amroot = (ruid == 0
-- && selinux_check_passwd_access (PASSWD__ROOTOK) == 0);
--#else
- amroot = (ruid == 0);
-+#ifdef WITH_SELINUX
-+ if (amroot && is_selinux_enabled () > 0)
-+ amroot = (selinux_check_passwd_access (PASSWD__ROOTOK) == 0);
- #endif
-
- /*
-Index: shadow-4.0.14/src/chfn.c
-===================================================================
---- shadow-4.0.14.orig/src/chfn.c 2006-02-20 20:49:21.000000000 +0100
-+++ shadow-4.0.14/src/chfn.c 2006-02-20 20:49:22.000000000 +0100
-@@ -378,6 +378,7 @@
- * check if the change is allowed by SELinux policy.
- */
- if ((pw->pw_uid != getuid ())
-+ && (is_selinux_enabled () > 0)
- && (selinux_check_passwd_access (PASSWD__CHFN) != 0)) {
- fprintf (stderr, _("%s: Permission denied.\n"), Prog);
- closelog ();
-Index: shadow-4.0.14/src/chsh.c
-===================================================================
---- shadow-4.0.14.orig/src/chsh.c 2006-02-20 20:49:21.000000000 +0100
-+++ shadow-4.0.14/src/chsh.c 2006-02-20 20:49:22.000000000 +0100
-@@ -304,6 +304,7 @@
- * check if the change is allowed by SELinux policy.
- */
- if ((pw->pw_uid != getuid ())
-+ && (is_selinux_enabled () > 0)
- && (selinux_check_passwd_access (PASSWD__CHSH) != 0)) {
- SYSLOG ((LOG_WARN, "can't change shell for `%s'", user));
- closelog ();
-Index: shadow-4.0.14/src/passwd.c
-===================================================================
---- shadow-4.0.14.orig/src/passwd.c 2006-02-20 20:49:21.000000000 +0100
-+++ shadow-4.0.14/src/passwd.c 2006-02-21 23:49:02.000000000 +0100
-@@ -802,7 +802,9 @@
- * check if the change is allowed by SELinux policy.
- */
- if ((pw->pw_uid != getuid ())
-- && (selinux_check_passwd_access (PASSWD__PASSWD) != 0)) {
-+ && (is_selinux_enabled () > 0 ?
-+ (selinux_check_passwd_access (PASSWD__PASSWD) != 0) :
-+ !amroot)) {
- #else
- /*
- * If the UID of the user does not match the current real UID,
Deleted: trunk/debian/patches/999-2_build_using_cdbs
===================================================================
--- trunk/debian/patches/999-2_build_using_cdbs 2006-03-20 21:28:53 UTC (rev 917)
+++ trunk/debian/patches/999-2_build_using_cdbs 2006-03-21 08:58:43 UTC (rev 918)
@@ -1,259 +0,0 @@
-Index: shadow-4.0.14/debian/rules
-===================================================================
---- shadow-4.0.14.orig/debian/rules 2006-01-09 07:14:08.642796673 +0100
-+++ shadow-4.0.14/debian/rules 2006-01-09 07:26:16.505068103 +0100
-@@ -1,105 +1,49 @@
- #!/usr/bin/make -f
-+# -*- mode: makefile; coding: utf-8 -*-
-
--# This is the debhelper compatibility version to use.
--export DH_COMPAT=4
--
--CFLAGS = -g -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
--ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-- CFLAGS += -O0
--else
-- CFLAGS += -O2
--endif
--export CFLAGS
--
--config_options := --disable-shared --without-libcrack --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man --without-selinux
-+include /usr/share/cdbs/1/rules/debhelper.mk
-+# Specify where dh_install will find the files that it needs to move:
-+DEB_DH_INSTALL_SOURCEDIR=debian/tmp
-+DH_COMPAT = 4
-+
-+include /usr/share/cdbs/1/class/autotools.mk
-+# Automatically update autoconf, etc.
-+DEB_AUTO_UPDATE_ACLOCAL = 1.7
-+DEB_AUTO_UPDATE_AUTOCONF = 1.7
-+DEB_AUTO_UPDATE_AUTOMAKE = 1.7
-
--DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
--DEB_BUILD_GNU_TYPE = $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
--DEB_HOST_GNU_TYPE = $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
-+# Adds extra options when calling the configure script:
-+DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --mandir=/usr/share/man --with-libpam --enable-shadowgrp
- ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
-- config_options += --host=$(DEB_HOST_GNU_TYPE)
-+ DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
- endif
-
--# see /usr/share/doc/autotools-dev/README.Debian.gz
--export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
--export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-+# Automatically controls patching at build time:
-+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
-
--# FOR AUTOCONF 2.52 AND NEWER ONLY
--ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
-- confflags += --build $(DEB_HOST_GNU_TYPE)
-+CFLAGS = -g -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-+ CFLAGS += -O0
- else
-- confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
-+ CFLAGS += -O2
- endif
-+export CFLAGS
-
--# The autotools target adds forced build-time dependencies on
--# autotools-dev (for /usr/share/misc/config.*) and devscripts (for dch)
--# It's also a .PHONY make target.
--autotools:
-- chmod u+x config.sub
-- chmod u+x config.guess
-- OLDDATESUB=`./config.sub -t | tr -d -` ;\
-- OLDDATEGUESS=`./config.guess -t | tr -d -` ;\
-- NEWDATESUB=`/usr/share/misc/config.sub -t | tr -d -` ;\
-- NEWDATEGUESS=`/usr/share/misc/config.guess -t | tr -d -` ;\
-- if [ $$OLDDATESUB -lt $$NEWDATESUB -o \
-- $$OLDDATEGUESS -lt $$NEWDATEGUESS ]; then \
-- cp -f /usr/share/misc/config.sub config.sub ;\
-- cp -f /usr/share/misc/config.guess config.guess ;\
-- echo WARNING: GNU config scripts updated from master copies 1>&2 ;\
-- fi
--
--configure-stamp: patch autotools
-- dh_testdir
-- touch configure-stamp
--
--
--build: configure-stamp build-stamp
--build-stamp:
-- dh_testdir
-- aclocal-1.7
-- autoconf
-- automake-1.7
-- ./configure $(config_options)
-- $(MAKE)
-- touch build-stamp
--
--install: install-stamp
--install-stamp: build-stamp
-- dh_testdir
-- dh_testroot
-- rm -rf debian/tmp
-- mkdir debian/tmp
-- $(MAKE) DESTDIR=$$(pwd)/debian/tmp install
-- /bin/sh ./debian/recode_manpages.sh
-- touch install-stamp
--
--clean: clean-patched unpatch
--
--clean-patched: autotools
-- rm -f build-stamp install-stamp configure-stamp
-- $(checkdir)
-- -$(MAKE) distclean
-- dh_clean
-- rm -rf debian/tmp debian/login debian/passwd
-- rm -f build install debian/*~ debian/substvars # debian/files*
-- # Thanks, lintian
-- rm -f config.log
--
--binary-indep:
--
--binary-arch: build install
-- dh_testdir
-- dh_testroot
-- dh_install -Xlogin.defs --sourcedir debian/tmp
-+# Add extras to the install process:
-+binary-install/login::
-+ dh_installpam -p login
-+ install -c -m 444 debian/login.defs debian/login/etc/login.defs
-+ install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
-+ # Lintian and Linda overrides
-+ install -c -m 444 debian/login.lintian-overrides debian/login/usr/share/lintian/overrides/login
-+ install -c -m 444 debian/login.linda-overrides debian/login/usr/share/linda/overrides/login
- ifeq ($(DEB_HOST_ARCH_OS),hurd)
-- dh_install -p passwd --sourcedir debian/tmp/ --autodest \
-- usr/share/man{/*,}/man5/login.defs.5
-+ install -c -m 444 debian/login.defs debian/passwd/etc/login.defs
- else
-- dh_install -p login --sourcedir debian/tmp/ --autodest \
-- usr/share/man{/*,}/man5/login.defs.5
-+ install -c -m 444 debian/login.defs debian/login/etc/login.defs
- endif
-- dh_installdirs
-- dh_link
-+
-+binary-install/passwd::
- # Bug #288106. This used to be renamed to limits.conf.5
- # but does not reflect what we do in Debian
- # so we'd better forget about that man page
-@@ -111,57 +55,33 @@
- # Distribute the pam.d files; unless for the commands with disabled PAM
- # support (see patch 404_undef_USE_PAM.dpatch)
- dh_installpam -p passwd --name=passwd
--# dh_installpam -p passwd --name=chage
- dh_installpam -p passwd --name=chfn
- dh_installpam -p passwd --name=chsh
--# dh_installpam -p passwd --name=useradd
--# dh_installpam -p passwd --name=userdel
--# dh_installpam -p passwd --name=usermod
--# dh_installpam -p passwd --name=groupadd
--# dh_installpam -p passwd --name=groupdel
--# dh_installpam -p passwd --name=groupmod
--# dh_installpam -p passwd --name=newusers
-- dh_installpam -p login
-- dh_installpam -p login --name=su
- ifeq ($(DEB_HOST_ARCH_OS),hurd)
- install -c -m 444 debian/login.defs debian/passwd/etc/login.defs
--else
-- install -c -m 444 debian/login.defs debian/login/etc/login.defs
- endif
-- install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
- install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
- install -d debian/passwd/sbin
- install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig
- install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8
- install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8
- # Lintian overrides files
-- install -c -m 444 debian/login.lintian-overrides debian/login/usr/share/lintian/overrides/login
- install -c -m 444 debian/passwd.lintian-overrides debian/passwd/usr/share/lintian/overrides/passwd
- # Linda overrides files
-- install -c -m 444 debian/login.linda-overrides debian/login/usr/share/linda/overrides/login
- install -c -m 444 debian/passwd.linda-overrides debian/passwd/usr/share/linda/overrides/passwd
-
-- dh_installdocs -A NEWS
-- dh_installexamples
-- dh_compress
-- dh_installchangelogs ChangeLog
-- dh_fixperms
-- chmod u+s debian/passwd/usr/bin/chfn
-- chmod u+s debian/passwd/usr/bin/chsh
-- chmod u+s debian/passwd/usr/bin/gpasswd
-- chmod u+s debian/passwd/usr/bin/passwd
-+binary-install/login::
-+ifeq ($(DEB_HOST_ARCH_OS),hurd)
-+ install -c -m 444 debian/login.defs debian/passwd/etc/login.defs
-+else
-+ install -c -m 444 debian/login.defs debian/login/etc/login.defs
-+endif
-+
-+binary-predeb/login::
- # No real need for login to be setuid root
- # chmod u+s debian/login/bin/login
- chmod u+s debian/login/bin/su
- chmod u+s debian/login/usr/bin/newgrp
-- chgrp shadow debian/passwd/usr/bin/chage
-- chgrp shadow debian/passwd/usr/bin/expiry
-- chmod g+s debian/passwd/usr/bin/chage
-- chmod g+s debian/passwd/usr/bin/expiry
-- dh_strip
-- dh_compress
-- dh_shlibdeps
-- dh_installdebconf
- ifeq ($(DEB_HOST_ARCH_OS),hurd)
- echo "loginpam=login, libpam-modules (>= 0.72-5)" >> debian/passwd.substvars
- dh_installdeb -Nlogin
-@@ -170,40 +90,14 @@
- dh_builddeb -Nlogin
- else
- echo "loginpam=login (>= 970502-1), libpam-modules (>= 0.72-5)" >> debian/passwd.substvars
-- dh_installdeb
-- dh_gencontrol
-- dh_md5sums
-- dh_builddeb
- endif
-
--binary: binary-indep binary-arch
--
--.PHONY: autotools build clean checkroot binary-indep binary-arch patch unpatch
--
--
--
--####
--#### The following is the exact content of /usr/share/quilt/quilt.make
--#### but this file was added only in "quilt (<= 0.40)", which is not in sarge.
--#### If we do build-dep on this version one day, we could remplace this by:
--#### include /usr/share/quilt/quilt.make
--#### But I prefer to keep buildable in sarge for now.
--####
--
--# QUILT_STAMPFN: stamp file to use
--QUILT_STAMPFN ?= stamp-patched
--
--# QUILT_PATCH_DIR: where the patches live
--QUILT_PATCH_DIR ?= debian/patches
--
--patch: $(QUILT_STAMPFN)
--$(QUILT_STAMPFN):
-- # quilt exits with 2 as return when there was nothing to do.
-- # That's not an error here (but it's usefull to break loops in crude scripts)
-- QUILT_PATCHES=$(QUILT_PATCH_DIR) quilt push -a || test $$? = 2
-- touch debian/$(QUILT_STAMPFN)
--
--unpatch:
-- QUILT_PATCHES=$(QUILT_PATCH_DIR) quilt pop -a -R || test $$? = 2
-- rm -rf .pc debian/$(QUILT_STAMPFN)
--
-+binary-predeb/passwd::
-+ chmod u+s debian/passwd/usr/bin/chfn
-+ chmod u+s debian/passwd/usr/bin/chsh
-+ chmod u+s debian/passwd/usr/bin/gpasswd
-+ chmod u+s debian/passwd/usr/bin/passwd
-+ chgrp shadow debian/passwd/usr/bin/chage
-+ chgrp shadow debian/passwd/usr/bin/expiry
-+ chmod g+s debian/passwd/usr/bin/chage
-+ chmod g+s debian/passwd/usr/bin/expiry
More information about the Pkg-shadow-commits
mailing list