[Pkg-shadow-commits] r2338 - in debian/trunk: . debian debian/patches
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sun Aug 31 19:16:54 UTC 2008
Author: nekral-guest
Date: 2008-08-31 19:16:54 +0000 (Sun, 31 Aug 2008)
New Revision: 2338
Added:
debian/trunk/debian/README.source
debian/trunk/debian/patches/200_Czech_binary_translation
debian/trunk/debian/patches/300_SHA_crypt_method
debian/trunk/debian/patches/301_manpages_missing_options
debian/trunk/debian/patches/302_remove_non_translated_polish_manpages
debian/trunk/debian/patches/302_vim_selinux_support
debian/trunk/debian/patches/494_passwd_lock-no_account_lock
Modified:
debian/trunk/Makefile
debian/trunk/debian/changelog
debian/trunk/debian/control
debian/trunk/debian/login.defs
debian/trunk/debian/login.pam
debian/trunk/debian/patches/008_su_get_PAM_username
debian/trunk/debian/patches/406_vipw_resume_properly
debian/trunk/debian/patches/414_remove-unwise-advices
debian/trunk/debian/patches/434_login_stop_checking_args_after--
debian/trunk/debian/patches/487_passwd_chauthtok_failed_message
debian/trunk/debian/patches/491_configure.in_friendly_selinux_detection
debian/trunk/debian/patches/506_relaxed_usernames
debian/trunk/debian/patches/507_32char_grnames.dpatch
debian/trunk/debian/patches/series
debian/trunk/debian/securetty.linux
Log:
Merge changes from the lenny branch:
svn merge svn://svn.debian.org/svn/pkg-shadow/debian/branches/lenny@2000 svn//svn.debian.org/svn/pkg-shadow/debian/branches/lenny at 2271 svn://svn.debian.org/svn/pkg-shadow/debian/trunk
Previous changes moved to 4.1.2-1 (experimental).
Modified: debian/trunk/Makefile
===================================================================
--- debian/trunk/Makefile 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/Makefile 2008-08-31 19:16:54 UTC (rev 2338)
@@ -6,7 +6,7 @@
include /usr/share/quilt/quilt.debbuild.mk
check_cheese:
- @dpkg-parsechangelog | grep -q "\* The \".*\" release\." || { \
+ @dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
echo ""; \
echo " ** **"; \
echo " ** Warning: not a cheesy release! **"; \
Copied: debian/trunk/debian/README.source (from rev 2271, debian/branches/lenny/debian/README.source)
===================================================================
--- debian/trunk/debian/README.source (rev 0)
+++ debian/trunk/debian/README.source 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,17 @@
+This package uses quilt to patch the upstream source.
+
+You can find some info on how to generate the patched source, add a new
+modification, and remove an existing modification on:
+ /usr/share/doc/quilt/README.source
+
+================================================================================
+
+To package a new upstream release, you can use the Makefile:
+ svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile
+
+================================================================================
+
+A testsuite is also available. Instruction on how to run this testsuite
+are available on:
+ svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README
+
Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/changelog 2008-08-31 19:16:54 UTC (rev 2338)
@@ -1,6 +1,6 @@
-shadow (1:4.1.1-2) UNRELEASED; urgency=low
+shadow (1:4.1.2-1) experimental; urgency=low
- * The "Brie de Meaux" and "Brie de Melun" double cheese release.
+ * The "" release.
* debian/control: changed the "Replaces" on manpages-zh to a versioned
one on 1.5.1-1
* debian/control: drop all Replaces on manpages-* when the version is
@@ -12,6 +12,83 @@
-- Christian Perrier <bubulle at debian.org> Mon, 07 Apr 2008 23:00:26 +0200
+shadow (1:4.1.1-4) unstable; urgency=low
+
+ * The "Rocamadour" release.
+ * debian/patches/302_remove_non_translated_polish_manpages,
+ debian/patches/series: Remove the (untranslated) su.1 and login.1 polish
+ translation. Closes: #491460
+ * debian/patches/506_relaxed_usernames: Document that the naming policy is
+ also used for the group names policy. Differentiate the Debian
+ constraints in a separate paragraph. Added documentation of the username
+ length restriction. Closes: #493230
+ * debian/patches/507_32char_grnames.dpatch: Update the documentation of the
+ group length restriction. Closes: #493230
+ * debian/login.pam: Replace the "multiple" option of pam_selinux by
+ "select_context". This requires PAM 1.0.1, but is commented.
+ Closes: #493181
+ * debian/patches/494_passwd_lock-no_account_lock: Fix typo (missing
+ parenthesis). Thanks to Moray Allan.
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 15 Aug 2008 12:36:15 -0300
+
+shadow (1:4.1.1-3) unstable; urgency=low
+
+ * The "Morbier" release.
+ * debian/patches/302_vim_selinux_support: Add SE Linux support to vipw/vigr.
+ Thanks to Russell Coker. Closes: #491907
+ * debian/patches/494_passwd_lock-no_account_lock: Restore the previous
+ behavior of passwd -l (which changed in #389183): only lock the user's
+ password, not the user's account. Also explicitly document the
+ differences. This restores a behavior common with the previous versions of
+ passwd and with other implementations. Closes: #492307
+ * debian/patches/494_passwd_lock-no_account_lock: Add a reference to
+ usermod(8) in passwd(1). Closes: #412234
+ * debian/login.pam: Enforce a fail delay to avoid login brute-force.
+ Closes: #443322
+ * debian/login.pam: Indicate why the pam_securetty module is used as a
+ requisite module and mentions the possible drawbacks. Closes: #482352
+ * debian/login.defs: Do not mention the libpam-umask package (the module is
+ now provided by libpam-modules). Closes: #492410
+ * debian/patches/200_Czech_binary_translation: Updated Czech translation.
+ Thanks to Miroslav Kure. Closes: #482823
+ * debian/securetty.linux: Add the PA-RISC mux ports (ttyB0, ttyB1).
+ Closes: #488515
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sat, 26 Jul 2008 10:12:46 +0200
+
+shadow (1:4.1.1-2) unstable; urgency=low
+
+ * The "Brie de Meaux" and "Brie de Melun" double cheese release.
+ * Backported patches from upstream
+ - debian/patches/300_SHA_crypt_method:
+ This fixes bugs in the SHA encryption method that force the salt to have
+ 8 bytes (instead of a random length between 8 and 16 bytes), and force
+ the number of SHA rounds to be equal to the lowest limit (at least 1000
+ SHA rounds).
+ - debian/patches/301_manpages_missing_options:
+ This add the missing documentation of options in useradd, groupadd, and
+ newusers.
+ * Tag patches already applied upstream
+ - debian/patches/487_passwd_chauthtok_failed_message
+ - debian/patches/406_vipw_resume_properly
+ - debian/patches/008_su_get_PAM_username
+ - debian/patches/491_configure.in_friendly_selinux_detection
+ - debian/patches/434_login_stop_checking_args_after--
+ - debian/patches/414_remove-unwise-advices
+ * Added description of new variables in /etc/login.defs:
+ - SYS_UID_MIN, SYS_UID_MAX, SYS_GID_MIN, SYS_GID_MAX
+ - ENCRYPT_METHOD
+ - SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS
+ * New Debian Policy:
+ - debian/control: Bump Standards-Version to 3.8.0 (no changes needed).
+ - debian/README.source: Document how to patch the upstream source, how to
+ use quilt, how to package a new upstream and how to use the testsuite.
+ * debian/patches/505_useradd_recommend_adduser: Fix typo: userdel is used to
+ remove an user, not to add one. Closes: #475795
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 13 Jun 2008 01:27:16 +0200
+
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
Modified: debian/trunk/debian/control
===================================================================
--- debian/trunk/debian/control 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/control 2008-08-31 19:16:54 UTC (rev 2338)
@@ -2,7 +2,7 @@
Section: admin
Priority: required
Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-Standards-Version: 3.7.3.0
+Standards-Version: 3.8.0
Uploaders: Christian Perrier <bubulle at debian.org>, Martin Quinson <mquinson at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 5.0.0), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3-1)
Vcs-Svn: svn://svn.debian.org/svn/pkg-shadow/debian/trunk
Modified: debian/trunk/debian/login.defs
===================================================================
--- debian/trunk/debian/login.defs 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/login.defs 2008-08-31 19:16:54 UTC (rev 2338)
@@ -140,8 +140,8 @@
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
-# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
-# as the solution which catches all these cases on PAM-enabled systems.
+# Therefore the use of pam_umask is recommended as the solution which
+# catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
@@ -176,12 +176,18 @@
#
UID_MIN 1000
UID_MAX 60000
+# System accounts
+#SYS_UID_MIN 100
+#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 100
GID_MAX 60000
+# System accounts
+#SYS_GID_MIN 100
+#SYS_GID_MAX 999
#
# Max number of login retries if password is bad. This will most likely be
@@ -266,8 +272,38 @@
#
# This variable is used by chpasswd, gpasswd and newusers.
#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
#MD5_CRYPT_ENAB no
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
################# OBSOLETED BY PAM ##############
# #
# These options are now handled by PAM. Please #
Modified: debian/trunk/debian/login.pam
===================================================================
--- debian/trunk/debian/login.pam 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/login.pam 2008-08-31 19:16:54 UTC (rev 2338)
@@ -2,12 +2,24 @@
# The PAM configuration file for the Shadow `login' service
#
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth optional pam_faildelay.so delay=3000000
+
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
+# Note that it is included as a "requisite" module. No password prompts will
+# be displayed if this module fails to avoid having the root password
+# transmitted on unsecure ttys.
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root).
auth requisite pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
@@ -69,7 +81,7 @@
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context.
# Uncomment the following line to enable SELinux
-# session required pam_selinux.so multiple
+# session required pam_selinux.so select_context
# Standard Un*x account and session
@include common-account
Modified: debian/trunk/debian/patches/008_su_get_PAM_username
===================================================================
--- debian/trunk/debian/patches/008_su_get_PAM_username 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/008_su_get_PAM_username 2008-08-31 19:16:54 UTC (rev 2338)
@@ -1,10 +1,23 @@
-Goal: ???
+Goal: Retrieve the PAM username in case a module changed the PAM_USER
+ item.
-Notes:
- * It still needs more investigation.
- I don't know what this patch is used for. IMO, the user name is
- already known before calling pam_get_item(pamh, PAM_USER, ...)
+According to Linux-PAM_ADG:
+ * Note, modules can change the values of PAM_USER and PAM_RUSER during
+ any of the pam_*() library calls. For this reason, the application
+ should take care to use the pam_get_item() every time it wishes to
+ establish who the authenticated user is (or will currently be).
+PAM_USER description:
+
+ The username of the entity under whose identity service will be given. That
+ is, following authentication, PAM_USER identifies the local entity that
+ gets to use the service. Note, this value can be mapped from something
+ (eg., "anonymous") to something else (eg. "guest119") by any module in the
+ PAM stack. As such an application should consult the value of PAM_USER
+ after each call to a PAM function.
+
+See also: https://www.redhat.com/archives/pam-list/2008-May/msg00009.html
+
Index: shadow-4.1.0/src/su.c
===================================================================
--- shadow-4.1.0.orig/src/su.c
Copied: debian/trunk/debian/patches/200_Czech_binary_translation (from rev 2271, debian/branches/lenny/debian/patches/200_Czech_binary_translation)
===================================================================
--- debian/trunk/debian/patches/200_Czech_binary_translation (rev 0)
+++ debian/trunk/debian/patches/200_Czech_binary_translation 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,822 @@
+Goal: Update the Czech translation of the shadow programs
+
+Fixes: #482823
+
+Status wrt upstream: Still not applied.
+
+Index: shadow-4.1.1/po/cs.po
+===================================================================
+--- shadow-4.1.1.orig/po/cs.po 2008-07-26 10:17:10.268439506 +0200
++++ shadow-4.1.1/po/cs.po 2008-07-26 10:17:33.285941161 +0200
+@@ -1,13 +1,13 @@
+ # Czech translation of shadow-utils.
+ # Jiří Pavlovský <pavlovsk at ff.cuni.cz>, 1999-2000
+-# Miroslav Kuře <kurem at debian.cz>, 2004-2006
++# Miroslav Kuře <kurem at debian.cz>, 2004-2008
+ #
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: shadow 4.0.18\n"
+ "Report-Msgid-Bugs-To: pkg-shadow-devel at lists.alioth.debian.org\n"
+-"POT-Creation-Date: 2008-04-03 00:42+0200\n"
+-"PO-Revision-Date: 2007-11-24 18:00+0100\n"
++"POT-Creation-Date: 2008-03-18 00:08+0100\n"
++"PO-Revision-Date: 2008-05-25 12:30+0200\n"
+ "Last-Translator: Miroslav Kure <kurem at debian.cz>\n"
+ "Language-Team: Czech <debian-l10n-czech at lists.debian.org>\n"
+ "MIME-Version: 1.0\n"
+@@ -20,10 +20,12 @@
+ msgid ""
+ "Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"
+ msgstr ""
++"Zjištěno několik záznamů pojmenovaných „%s“ v souboru %s. Napravte to prosím "
++"pomocí pwck nebo grpck.\n"
+
+ #, c-format
+ msgid "crypt method not supported by libcrypt? (%s)\n"
+-msgstr ""
++msgstr "typ šifry není knihovnou libcrypt podporován? (%s)\n"
+
+ msgid "Could not allocate space for config info.\n"
+ msgstr "Nemohu alokovat dostatek místa pro konfigurační údaje.\n"
+@@ -31,7 +33,7 @@
+ #, c-format
+ msgid "configuration error - unknown item '%s' (notify administrator)\n"
+ msgstr ""
+-"konfigurační chyba - neznámý předmět '%s' (informujte správce systému)\n"
++"konfigurační chyba - neznámá položka „%s“ (informujte správce systému)\n"
+
+ #, c-format
+ msgid "Warning: unknown group %s\n"
+@@ -93,16 +95,14 @@
+ "%d selhání od posledního přihlášení.\n"
+ "Poslední: %s na %s.\n"
+
+-#, fuzzy
+ msgid "Can't get unique UID (no more available UIDs)\n"
+-msgstr "%s: nelze získat jedinečné UID\n"
++msgstr "Nelze získat jedinečné UID (další UID již nejsou dostupná)\n"
+
+-#, fuzzy
+ msgid "Can't get unique GID (no more available GIDs)\n"
+-msgstr "%s: nelze získat jedinečné GID\n"
++msgstr "Nelze získat jedinečné GID (další GID již nejsou dostupná)\n"
+
+ msgid "Too many logins.\n"
+-msgstr "Příliš mnoho souběžných přihlášení.\n"
++msgstr "Příliš mnoho přihlášení.\n"
+
+ msgid "You have new mail."
+ msgstr "Máte novou poštu."
+@@ -146,6 +146,9 @@
+ msgid "passwd: %s\n"
+ msgstr "passwd: %s\n"
+
++msgid "passwd: password unchanged\n"
++msgstr "passwd: heslo nebylo změněno\n"
++
+ msgid "passwd: password updated successfully\n"
+ msgstr "passwd: heslo bylo úspěšně změněno\n"
+
+@@ -158,10 +161,12 @@
+ "Invalid ENCRYPT_METHOD value: '%s'.\n"
+ "Defaulting to DES.\n"
+ msgstr ""
++"Neplatná hodnota ENCRYPT_METHOD: „%s“.\n"
++"Používám DES.\n"
+
+ #, c-format
+ msgid "Unable to cd to '%s'\n"
+-msgstr "Nelze přejít do \"%s\"\n"
++msgstr "Nelze přejít do „%s“\n"
+
+ msgid "No directory, logging in with HOME=/"
+ msgstr "Žádný adresář, nastavuji HOME na /"
+@@ -172,14 +177,14 @@
+
+ #, c-format
+ msgid "Invalid root directory '%s'\n"
+-msgstr "Chybný kořenový adresář \"%s\"\n"
++msgstr "Chybný kořenový adresář „%s“\n"
+
+ #, c-format
+ msgid "Can't change root directory to '%s'\n"
+-msgstr "Nelze změnit kořenový adresář na \"%s\"\n"
++msgstr "Nelze změnit kořenový adresář na „%s“\n"
+
+ msgid "No utmp entry. You must exec \"login\" from the lowest level \"sh\""
+-msgstr "utmp záznam neexistuje. Musíte spustit \"login\" z nejnižšího \"sh\""
++msgstr "utmp záznam neexistuje. Musíte spustit „login“ z nejnižšího „sh“"
+
+ msgid "Unable to determine your tty name."
+ msgstr "Nelze zjistit vaše uživatelské jméno."
+@@ -283,7 +288,7 @@
+
+ #, c-format
+ msgid "%s: do not include \"l\" with other flags\n"
+-msgstr "%s: nepoužívejte \"l\" s ostatními příznaky\n"
++msgstr "%s: nepoužívejte „l“ s ostatními příznaky\n"
+
+ #, c-format
+ msgid "%s: Permission denied.\n"
+@@ -413,24 +418,36 @@
+ msgstr "Soubor s hesly nelze odemknout.\n"
+
+ #, c-format
++msgid "%s: name with non-ASCII characters: '%s'\n"
++msgstr "%s: jméno obsahuje jiné znaky než ASCII: „%s“\n"
++
++#, c-format
+ msgid "%s: invalid name: '%s'\n"
+-msgstr "%s: chybné jméno: \"%s\"\n"
++msgstr "%s: chybné jméno: „%s“\n"
++
++#, c-format
++msgid "%s: room number with non-ASCII characters: '%s'\n"
++msgstr "%s: číslo místnosti obsahuje jiné znaky než ASCII: „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid room number: '%s'\n"
+-msgstr "%s: chybné číslo místnosti: \"%s\"\n"
++msgstr "%s: chybné číslo místnosti: „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid work phone: '%s'\n"
+-msgstr "%s: chybné telefonní číslo do zaměstnání: \"%s\"\n"
++msgstr "%s: chybné telefonní číslo do zaměstnání: „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid home phone: '%s'\n"
+-msgstr "%s: chybné telefonní číslo domů: \"%s\"\n"
++msgstr "%s: chybné telefonní číslo domů: „%s“\n"
++
++#, c-format
++msgid "%s: '%s' contains non-ASCII characters\n"
++msgstr "%s: „%s“ obsahuje jiné znaky než ASCII\n"
+
+ #, c-format
+ msgid "%s: '%s' contains illegal characters\n"
+-msgstr "%s: \"%s\" obsahuje chybné znaky\n"
++msgstr "%s: „%s“ obsahuje chybné znaky\n"
+
+ #, c-format
+ msgid "%s: Cannot determine your user name.\n"
+@@ -438,11 +455,11 @@
+
+ #, c-format
+ msgid "%s: cannot change user '%s' on NIS client.\n"
+-msgstr "%s: uživatele \"%s\" nelze na NIS klientu změnit.\n"
++msgstr "%s: uživatele „%s“ nelze na NIS klientu změnit.\n"
+
+ #, c-format
+ msgid "%s: '%s' is the NIS master for this client.\n"
+-msgstr "%s: \"%s\" je hlavním NIS serverem pro tohoto klienta.\n"
++msgstr "%s: „%s“ je hlavním NIS serverem pro tohoto klienta.\n"
+
+ #, c-format
+ msgid "Changing the user information for %s\n"
+@@ -452,7 +469,7 @@
+ msgid "%s: fields too long\n"
+ msgstr "%s: položka je příliš dlouhá\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid ""
+ "Usage: %s [options]\n"
+ "\n"
+@@ -464,35 +481,36 @@
+ " the MD5 algorithm\n"
+ "%s\n"
+ msgstr ""
+-"Použití: chpasswd [volby]\n"
++"Použití: %s [volby]\n"
+ "\n"
+ "Volby:\n"
++" -c, --crypt-method typ šifry (jeden z %s)\n"
+ " -e, --encrypted zadaná hesla jsou zašifrovaná\n"
+ " -h, --help zobrazí tuto nápovědu a skončí\n"
+-" -m, --md5 pokud zadaná hesla nejsou zašifrovaná,\n"
+-" použije místo DES algoritmus MD5\n"
+-"\n"
++" -m, --md5 zašifruje nešifrované heslo\n"
++" algoritmem MD5\n"
++"%s\n"
+
+ msgid ""
+ " -s, --sha-rounds number of SHA rounds for the SHA*\n"
+ " crypt algorithms\n"
+-msgstr ""
++msgstr " -s, --sha-rounds počet SHA iterací algoritmu SHA*\n"
+
+ #, c-format
+ msgid "%s: invalid numeric argument '%s'\n"
+-msgstr "%s: chybný numerický argument \"%s\"\n"
++msgstr "%s: chybný numerický argument „%s“\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: %s flag is ONLY allowed with the %s flag\n"
+-msgstr "%s: přepínač -a je povolen POUZE s přepínačem -G\n"
++msgstr "%s: přepínač %s je povolen POUZE s přepínačem %s\n"
+
+ #, c-format
+ msgid "%s: the -c, -e, and -m flags are exclusive\n"
+-msgstr ""
++msgstr "%s: přepínače -c, -e a -m se navzájem vylučují\n"
+
+ #, c-format
+ msgid "%s: unsupported crypt method: %s\n"
+-msgstr ""
++msgstr "%s: nepodporovaný typ šifry: %s\n"
+
+ #, c-format
+ msgid "%s: can't lock group file\n"
+@@ -510,13 +528,13 @@
+ msgid "%s: can't open shadow file\n"
+ msgstr "%s: soubor se stínovými hesly nelze otevřít\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: error updating gshadow file\n"
+-msgstr "%s: chyba při aktualizaci souboru se stínovými hesly\n"
++msgstr "%s: chyba při aktualizaci souboru se stínovými skupinami\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: error updating group file\n"
+-msgstr "%s: položku souboru se skupinami nelze aktualizovat\n"
++msgstr "%s: chyba při aktualizaci souboru se skupinami\n"
+
+ #, c-format
+ msgid "%s: line %d: line too long\n"
+@@ -530,9 +548,9 @@
+ msgid "%s: line %d: unknown group %s\n"
+ msgstr "%s: řádek %d: neznámá skupina %s\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: line %d: cannot update group entry\n"
+-msgstr "%s: řádek %d: položku nelze aktualizovat\n"
++msgstr "%s: řádek %d: položku nelze aktualizovat skupinu\n"
+
+ #, c-format
+ msgid "%s: error detected, changes ignored\n"
+@@ -640,7 +658,7 @@
+
+ #, c-format
+ msgid " [%lds left]"
+-msgstr " [%lds zbylo]"
++msgstr " [%lds zbývá]"
+
+ #, c-format
+ msgid " [%lds lock]"
+@@ -710,13 +728,13 @@
+ msgid "unknown group: %s\n"
+ msgstr "neznámá skupina %s\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't close file\n"
+-msgstr "%s: nelze otevřít soubor\n"
++msgstr "%s: nelze zavřít soubor\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't close shadow file\n"
+-msgstr "%s: soubor se stínovými hesly nelze otevřít\n"
++msgstr "%s: soubor se stínovými hesly nelze zavřít\n"
+
+ #, c-format
+ msgid "Changing the password for group %s\n"
+@@ -754,7 +772,6 @@
+ msgid "%s: Not a tty\n"
+ msgstr "%s: Nejedná se o tty\n"
+
+-#, fuzzy
+ msgid ""
+ "Usage: groupadd [options] GROUP\n"
+ "\n"
+@@ -780,11 +797,13 @@
+ " -K, --key KLÍČ=HODNOTA přebije výchozí nastavení /etc/login.defs\n"
+ " -o, --non-unique povolí vytvoření skupiny s duplicitním\n"
+ " (nejedinečným) GID\n"
++" -p, --password HESLO pro novou skupinu použije šifrované heslo\n"
++" -r, --system vytvoří systémový účet\n"
+ "\n"
+
+ #, c-format
+ msgid "%s: error adding new group entry\n"
+-msgstr "%s: chyba při přidávání položky souboru se skupinami\n"
++msgstr "%s: chyba při přidávání nové skupiny\n"
+
+ #, c-format
+ msgid "%s: %s is not a valid group name\n"
+@@ -826,9 +845,9 @@
+ msgid "%s: GID %u is not unique\n"
+ msgstr "%s: GID %u není jedinečné\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't create group\n"
+-msgstr "%s: %s nelze vytvořit\n"
++msgstr "%s: nelze vytvořit skupinu\n"
+
+ msgid "Usage: groupdel group\n"
+ msgstr "Použití: groupdel skupina\n"
+@@ -887,7 +906,6 @@
+ msgid "Cannot close group file\n"
+ msgstr "Soubor se skupinami nelze zavřít\n"
+
+-#, fuzzy
+ msgid ""
+ "Usage: groupmod [options] GROUP\n"
+ "\n"
+@@ -908,6 +926,7 @@
+ " -n, --new-name NOVÁ_SKUPINA vnutí SKUPINĚ jméno NOVÁ_SKUPINA\n"
+ " -o, --non-unique povolí skupině použít duplicitní\n"
+ " (nejedinečné) GID\n"
++" -p, --password HESLO pro SKUPINU použije šifrované heslo\n"
+ "\n"
+
+ #, c-format
+@@ -922,7 +941,7 @@
+ msgid "%s: %s is not a unique name\n"
+ msgstr "%s: jméno %s není jedinečné\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: cannot rewrite passwd file\n"
+ msgstr "%s: soubor s hesly nelze přepsat\n"
+
+@@ -939,10 +958,12 @@
+ "%s: cannot change the primary group of user '%s' from %u to %u, since it is "
+ "not in the passwd file.\n"
+ msgstr ""
++"%s: nelze změnit primární skupinu uživatele „%s“ z %u na %u, protože se "
++"nenachází v souboru passwd.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: cannot change the primary group of user '%s' from %u to %u.\n"
+-msgstr "%s: uživatele \"%s\" nelze na NIS klientu změnit.\n"
++msgstr "%s: nelze změnit primární skupinu uživatele „%s“ z %u na %u.\n"
+
+ #, c-format
+ msgid "Usage: %s [-r] [-s] [group [gshadow]]\n"
+@@ -974,14 +995,14 @@
+
+ #, c-format
+ msgid "delete line '%s'? "
+-msgstr "smazat řádek \"%s\"?"
++msgstr "smazat řádek „%s“?"
+
+ msgid "duplicate group entry"
+ msgstr "tato položka se v souboru se skupinami vyskytuje vícekrát"
+
+ #, c-format
+ msgid "invalid group name '%s'\n"
+-msgstr "jméno skupiny \"%s\" je chybné\n"
++msgstr "jméno skupiny „%s“ je chybné\n"
+
+ #, c-format
+ msgid "group %s: no user %s\n"
+@@ -989,7 +1010,7 @@
+
+ #, c-format
+ msgid "delete member '%s'? "
+-msgstr "smazat člena \"%s\"? "
++msgstr "smazat člena „%s“? "
+
+ #, c-format
+ msgid "no matching group file entry in %s\n"
+@@ -997,7 +1018,7 @@
+
+ #, c-format
+ msgid "add group '%s' in %s ?"
+-msgstr "přidat skupinu \"%s\" do %s ?"
++msgstr "přidat skupinu „%s“ do %s ?"
+
+ #, c-format
+ msgid "%s: can't update shadow entry for %s\n"
+@@ -1019,7 +1040,7 @@
+
+ #, c-format
+ msgid "delete administrative member '%s'? "
+-msgstr "smazat administrátora \"%s\"? "
++msgstr "smazat administrátora „%s“? "
+
+ #, c-format
+ msgid "shadow group %s: no user %s\n"
+@@ -1095,9 +1116,9 @@
+ msgid "**Never logged in**"
+ msgstr "**Nikdy nebyl přihlášen**"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "Unknown user or range: %s\n"
+-msgstr "Neznámý uživatel: %s\n"
++msgstr "Neznámý uživatel nebo rozsah: %s\n"
+
+ #, c-format
+ msgid "lastlog: unexpected argument: %s\n"
+@@ -1176,7 +1197,7 @@
+
+ #, c-format
+ msgid "TIOCSCTTY failed on %s"
+-msgstr ""
++msgstr "TIOCSCTTY selhalo na %s"
+
+ msgid "Warning: login re-enabled after temporary lockout."
+ msgstr "Varování: po dočasném zákazu je přihlašování opět povoleno."
+@@ -1206,13 +1227,12 @@
+ msgid "Usage: sg group [[-c] command]\n"
+ msgstr "Použití: sg skupina [[-c] příkaz]\n"
+
+-#, fuzzy
+ msgid "Invalid password.\n"
+-msgstr "Staré heslo: "
++msgstr "Neplatné heslo.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: failure forking: %s\n"
+-msgstr "%s: chyba rozdvojení: %s"
++msgstr "%s: chyba rozdvojení: %s\n"
+
+ #, c-format
+ msgid "unknown UID: %u\n"
+@@ -1233,52 +1253,59 @@
+ " -r, --system create system accounts\n"
+ "%s\n"
+ msgstr ""
++"Použití: %s [volby] [vstup]\n"
++"\n"
++" -c, --crypt-method typ šifry (jeden z %s)\n"
++" -r, --system vytvoří systémové účty\n"
++"%s\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: group ID `%s' is not valid\n"
+-msgstr "%s: skupina %s neexistuje\n"
++msgstr "%s: skupinové ID „%s“ není platné\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: invalid group name `%s'\n"
+-msgstr "jméno skupiny \"%s\" je chybné\n"
++msgstr "%s: neplatné jméno skupiny „%s“\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: group %s is a shadow group, but does not exist in /etc/group\n"
+-msgstr "%s: skupina %s neexistuje\n"
++msgstr "%s: skupina %s je stínovou skupinou, ale neexistuje v /etc/group\n"
+
+ #, c-format
+ msgid ""
+ "%s: group %s created, failure during the creation of the corresponding "
+ "gshadow group\n"
+ msgstr ""
++"%s: skupina %s byla vytvořena, ale nastala chyba při vytváření odpovídající "
++"stínové skupiny\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: user ID `%s' is not valid\n"
+-msgstr "%s: uživatel %s neexistuje\n"
++msgstr "%s: uživatelské ID „%s“ není platné\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: user `%s' does not exist\n"
+-msgstr "%s: uživatel %s neexistuje\n"
++msgstr "%s: uživatel „%s“ neexistuje\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: invalid user name `%s'\n"
+-msgstr "%s: chybné uživatelské jméno \"%s\"\n"
++msgstr "%s: neplatné uživatelské jméno „%s“\n"
+
+ #, c-format
+ msgid "%s: can't lock /etc/passwd.\n"
+ msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't lock /etc/shadow.\n"
+-msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
++msgstr "%s: soubor /etc/shadow nelze zamknout.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't lock /etc/group.\n"
+-msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
++msgstr "%s: soubor /etc/group nelze zamknout.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't lock /etc/gshadow.\n"
+-msgstr "%s: soubor /etc/passwd nelze zamknout.\n"
++msgstr "%s: soubor /etc/gshadow nelze zamknout.\n"
+
+ #, c-format
+ msgid "%s: can't open files\n"
+@@ -1292,17 +1319,18 @@
+ msgid "%s: line %d: invalid line\n"
+ msgstr "%s: řádek %d: chybný řádek\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: cannot update the entry of user %s (not in the passwd database)\n"
+-msgstr "%s: položku pro uživatele %s nelze aktualizovat\n"
++msgstr ""
++"%s: položku pro uživatele %s nelze aktualizovat (není v passwd databázi)\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: line %d: can't create user\n"
+-msgstr "%s: řádek %d: nelze vytvořit GID\n"
++msgstr "%s: řádek %d: nelze vytvořit uživatele\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: line %d: can't create group\n"
+-msgstr "%s: řádek %d: nelze vytvořit GID\n"
++msgstr "%s: řádek %d: nelze vytvořit skupinu\n"
+
+ #, c-format
+ msgid "%s: line %d: cannot find user %s\n"
+@@ -1374,12 +1402,12 @@
+ msgid "Old password: "
+ msgstr "Staré heslo: "
+
+-#, fuzzy, c-format
++#, c-format
+ msgid ""
+ "Enter the new password (minimum of %d characters)\n"
+ "Please use a combination of upper and lower case letters and numbers.\n"
+ msgstr ""
+-"Zadejte nové heslo (počet znaků v intervalu %d až %d).\n"
++"Zadejte nové heslo (minimální délka %d znaků).\n"
+ "Použijte kombinaci velkých a malých písmen s číslicemi.\n"
+
+ #, c-format
+@@ -1410,9 +1438,9 @@
+ msgid "The password for %s cannot be changed.\n"
+ msgstr "Heslo uživatele %s nelze změnit.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "The password for %s cannot be changed yet.\n"
+-msgstr "Heslo uživatele %s nelze změnit.\n"
++msgstr "Heslo uživatele %s nelze zatím změnit.\n"
+
+ #, c-format
+ msgid "%s: out of memory\n"
+@@ -1423,6 +1451,9 @@
+ "%s: unlocking the user would result in a passwordless account.\n"
+ "You should set a password with usermod -p to unlock this user account.\n"
+ msgstr ""
++"%s odemknutí uživatele by znamenalo mít účet bez hesla.\n"
++"Pro odemknutí tohoto uživatelského účtu byste měli nastavit heslo pomocí "
++"usermod -p.\n"
+
+ #, c-format
+ msgid "%s: repository %s not supported\n"
+@@ -1430,7 +1461,7 @@
+
+ #, c-format
+ msgid "%s: %s is not authorized to change the password of %s\n"
+-msgstr ""
++msgstr "%s: %s není oprávněn změnit heslo %s\n"
+
+ #, c-format
+ msgid "%s: You may not view or modify password information for %s.\n"
+@@ -1483,7 +1514,7 @@
+
+ #, c-format
+ msgid "add user '%s' in %s? "
+-msgstr "přidat uživatele \"%s\" do %s? "
++msgstr "přidat uživatele „%s“ do %s? "
+
+ #, c-format
+ msgid "%s: can't update passwd entry for %s\n"
+@@ -1600,7 +1631,7 @@
+ msgstr "Soubor s hesly neexistuje"
+
+ msgid "TIOCSCTTY failed"
+-msgstr ""
++msgstr "TIOCSCTTY selhalo"
+
+ msgid "No password entry for 'root'"
+ msgstr "V databázi není položka pro uživatele 'root'"
+@@ -1639,13 +1670,12 @@
+
+ #, c-format
+ msgid "%s: group '%s' is a NIS group.\n"
+-msgstr "%s: skupina \"%s\" je NIS skupinou.\n"
++msgstr "%s: skupina „%s“ je NIS skupinou.\n"
+
+ #, c-format
+ msgid "%s: too many groups specified (max %d).\n"
+ msgstr "%s: zadáno příliš mnoho skupin (max %d).\n"
+
+-#, fuzzy
+ msgid ""
+ "Usage: useradd [options] LOGIN\n"
+ "\n"
+@@ -1701,39 +1731,46 @@
+ " -h, --help zobrazí tuto nápovědu a skončí\n"
+ " -k, --skel VZOR_ADR zadá alternativní vzorový adresář\n"
+ " -K, --key KLÍČ=HODNOTA přebije výchozí nastavení /etc/login.defs\n"
++" -l, nepřidá uživatele do databází lastlog\n"
++" a faillog\n"
+ " -m, --create-home vytvoří domovský adresář pro nový\n"
+ " uživatelský účet\n"
++" -N, --no-user-group nevytvoří skupinu se stejným jménem jako\n"
++" uživatel\n"
+ " -o, --non-unique povolí vytvoření uživatele s duplicitním\n"
+ " (nejedinečným) UID\n"
+ " -p, --password HESLO použije pro nový účet zadané zašifrované\n"
+ " heslo\n"
++" -r, --system vytvoří systémový účet\n"
+ " -s, --shell SHELL přihlašovací shell nového účtu\n"
+ " -u, --uid UID vynutí použití tohoto UID pro nový účet\n"
++" -U, --user-group vytvoří skupinu se stejným jménem jako\n"
++" uživatel\n"
+ "\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: Out of memory. Cannot update the group database.\n"
+-msgstr "%s nedostatek paměti v update_group\n"
++msgstr "%s: Nedostatek paměti. Nelze aktualizovat databázi skupin.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: Out of memory. Cannot update the shadow group database.\n"
+-msgstr "%s: nedostatek paměti v update_gshadow\n"
++msgstr "%s: Nedostatek paměti. Nelze aktualizovat databázi stínových skupin.\n"
+
+ #, c-format
+ msgid "%s: invalid base directory '%s'\n"
+-msgstr "%s: chybný základní adresář \"%s\"\n"
++msgstr "%s: chybný základní adresář „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid comment '%s'\n"
+-msgstr "%s: chybný komentář \"%s\"\n"
++msgstr "%s: chybný komentář „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid home directory '%s'\n"
+-msgstr "%s: chybný domácí adresář \"%s\"\n"
++msgstr "%s: chybný domácí adresář „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid date '%s'\n"
+-msgstr "%s: chybné datum \"%s\"\n"
++msgstr "%s: chybné datum „%s“\n"
+
+ #, c-format
+ msgid "%s: shadow passwords required for -e\n"
+@@ -1745,19 +1782,19 @@
+
+ #, c-format
+ msgid "%s: invalid field '%s'\n"
+-msgstr "%s: chybná položka \"%s\"\n"
++msgstr "%s: chybná položka „%s“\n"
+
+ #, c-format
+ msgid "%s: invalid shell '%s'\n"
+-msgstr "%s: chybný shell \"%s\"\n"
++msgstr "%s: chybný shell „%s“\n"
+
+ #, c-format
+ msgid "%s: options %s and %s conflict\n"
+-msgstr ""
++msgstr "%s: volby %s a %s kolidují\n"
+
+ #, c-format
+ msgid "%s: invalid user name '%s'\n"
+-msgstr "%s: chybné uživatelské jméno \"%s\"\n"
++msgstr "%s: chybné uživatelské jméno „%s“\n"
+
+ #, c-format
+ msgid "%s: cannot rewrite password file\n"
+@@ -1809,7 +1846,7 @@
+ msgid ""
+ "Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"
+ msgstr ""
+-"Skupina \"mail\" nebyla nalezena. Vytvářím uživatelovu poštovní schránku s "
++"Skupina „mail“ nebyla nalezena. Vytvářím uživatelovu poštovní schránku s "
+ "právy 0600.\n"
+
+ msgid "Setting mailbox file permissions"
+@@ -1826,9 +1863,9 @@
+ "%s: skupina %s existuje - chcete-li přidat uživatele do této skupiny, "
+ "použijte -g.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: can't create user\n"
+-msgstr "%s: %s nelze vytvořit\n"
++msgstr "%s: nelze vytvořit uživatele\n"
+
+ #, c-format
+ msgid "%s: UID %u is not unique\n"
+@@ -1876,9 +1913,9 @@
+ "%s: Nemohu odstranit skupinu %s, která je primární skupinou jiného "
+ "uživatele.\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: error updating shadow group entry\n"
+-msgstr "%s: položku souboru se skupinami nelze aktualizovat\n"
++msgstr "%s: chyba při aktualizaci stínové skupiny\n"
+
+ #, c-format
+ msgid "%s: cannot open group file\n"
+@@ -1924,7 +1961,6 @@
+ msgid "%s: error removing directory %s\n"
+ msgstr "%s: chyba při mazání adresáře %s\n"
+
+-#, fuzzy
+ msgid ""
+ "Usage: usermod [options] LOGIN\n"
+ "\n"
+@@ -1954,8 +1990,6 @@
+ "Použití: usermod [volby] ÚČET\n"
+ "\n"
+ "Volby:\n"
+-" -a, --append přidá uživatele do dalších SKUPIN\n"
+-" (používejte jen s volbou -G)\n"
+ " -c, --comment KOMENTÁŘ nová hodnota pole GECOS\n"
+ " -d, --home-dir DOMOV_ADR nový domovský adresář uživatele\n"
+ " -e, --expiredate EXP_DATUM nastaví vypršení platnosti účtu na "
+@@ -1964,6 +1998,8 @@
+ " -g, --gid SKUPINA nastaví novou primární SKUPINU\n"
+ " -G, --groups SKUPINY nový seznam dodatečných skupin, do kterých\n"
+ " má účet patřit\n"
++" -a, --append přidá uživatele do dalších SKUPIN zadaných\n"
++" volbou -G; neruší členství v ostatních sk.\n"
+ " -h, --help zobrazí tuto nápovědu a skončí\n"
+ " -l, --login NOVÝ_ÚČET nová hodnota přihlašovacího jména\n"
+ " -L, --lock zamkne uživatelský účet\n"
+@@ -1977,9 +2013,9 @@
+ " -U, --unlock odemkne uživatelský účet\n"
+ "\n"
+
+-#, fuzzy, c-format
++#, c-format
+ msgid "%s: error adding new shadow group entry\n"
+-msgstr "%s: chyba při přidávání položky souboru se skupinami\n"
++msgstr "%s: chyba při přidávání nové stínové skupiny\n"
+
+ #, c-format
+ msgid "%s: no flags given\n"
+@@ -1991,7 +2027,7 @@
+
+ #, c-format
+ msgid "%s: the -L, -p, and -U flags are exclusive\n"
+-msgstr ""
++msgstr "%s: přepínače -L, -p a -U se navzájem vylučují\n"
+
+ #, c-format
+ msgid "%s: uid %lu is not unique\n"
+@@ -2045,6 +2081,9 @@
+ "You may need to modify %s for consistency.\n"
+ "Please use the command `%s' to do so.\n"
+ msgstr ""
++"Změnili jste %s.\n"
++"Z důvodu konzistence byste měli změnit i %s.\n"
++"Můžete to provést příkazem „%s“.\n"
+
+ msgid ""
+ "Usage: vipw [options]\n"
+@@ -2089,10 +2128,10 @@
+ #~ msgstr "%s: nelze získat jedinečné GID\n"
+
+ #~ msgid " on '%.100s' from '%.200s'"
+-#~ msgstr " na \"%.100s\" z \"%.200s\""
++#~ msgstr " na „%.100s“ z „%.200s“"
+
+ #~ msgid " on '%.100s'"
+-#~ msgstr " na \"%.100s\""
++#~ msgstr " na „%.100s“"
+
+ #~ msgid "%s: can't lock files, try again later\n"
+ #~ msgstr "%s: soubory nelze zamknout. Zkuste to opět později.\n"
+@@ -2125,9 +2164,8 @@
+ #~ "\t\t\tpoužije místo DES algoritmus MD5\n"
+ #~ "\n"
+
+-#, fuzzy
+ #~ msgid "No password.\n"
+-#~ msgstr "Soubor s hesly neexistuje\n"
++#~ msgstr "Žádné heslo.\n"
+
+ #~ msgid "Usage: %s [input]\n"
+ #~ msgstr "Použití: %s [vstup]\n"
Copied: debian/trunk/debian/patches/300_SHA_crypt_method (from rev 2271, debian/branches/lenny/debian/patches/300_SHA_crypt_method)
===================================================================
--- debian/trunk/debian/patches/300_SHA_crypt_method (rev 0)
+++ debian/trunk/debian/patches/300_SHA_crypt_method 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,36 @@
+Goal: Fix bugs in the SHA encryption method that force the salt to have 8
+ bytes (instead of a random length between 8 and 16 bytes), and force
+ the number of SHA rounds to be equal to the lowest limit (at least
+ 1000 SHA rounds).
+
+Status wrt upstream: Already applied upstream.
+
+Index: shadow-4.1.1/libmisc/salt.c
+===================================================================
+--- shadow-4.1.1.orig/libmisc/salt.c 2008-02-03 18:23:31.000000000 +0100
++++ shadow-4.1.1/libmisc/salt.c 2008-05-21 22:24:32.734281067 +0200
+@@ -90,9 +90,10 @@
+ */
+ static unsigned int SHA_salt_size (void)
+ {
+- double rand_rounds = 9 * random ();
+- rand_rounds /= RAND_MAX;
+- return 8 + rand_rounds;
++ double rand_size;
++ seedRNG ();
++ rand_size = (double) 9.0 * random () / RAND_MAX;
++ return 8 + rand_size;
+ }
+
+ /* ! Arguments evaluated twice ! */
+@@ -131,8 +132,8 @@
+ if (min_rounds > max_rounds)
+ max_rounds = min_rounds;
+
+- srand (time (NULL));
+- rand_rounds = (max_rounds-min_rounds+1) * random ();
++ seedRNG ();
++ rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
+ rand_rounds /= RAND_MAX;
+ rounds = min_rounds + rand_rounds;
+ } else if (0 == *prefered_rounds)
Copied: debian/trunk/debian/patches/301_manpages_missing_options (from rev 2271, debian/branches/lenny/debian/patches/301_manpages_missing_options)
===================================================================
--- debian/trunk/debian/patches/301_manpages_missing_options (rev 0)
+++ debian/trunk/debian/patches/301_manpages_missing_options 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,233 @@
+Goal: Add missing documentation of options in useradd, groupadd and
+ newusers
+ Implement the -r, --system option of newusers (already documented in
+ --help, implemented in code, but missing getopt handling)
+
+Status wrt upstream: Already applied.
+
+Index: shadow-4.1.1/man/useradd.8.xml
+===================================================================
+--- shadow-4.1.1.orig/man/useradd.8.xml 2008-06-12 23:29:12.210795802 +0200
++++ shadow-4.1.1/man/useradd.8.xml 2008-06-12 23:29:12.258795502 +0200
+@@ -189,23 +189,25 @@
+ </varlistentry>
+ <varlistentry>
+ <term>
+- <option>-m</option>, <option>--create-home</option>
++ <option>-k</option>, <option>--skel</option>
++ <replaceable>SKEL_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+- The user's home directory will be created if it does not exist.
+- The files contained in <replaceable>SKEL_DIR</replaceable> will
+- be copied to the home directory if the <option>-k</option>
+- option is used, otherwise the files contained in
+- <filename>/etc/skel</filename> will be used instead. Any
+- directories contained in <replaceable>SKEL_DIR</replaceable> or
+- <filename>/etc/skel</filename> will be created in the user's
+- home directory as well. The <option>-k</option> option is only
+- valid in conjunction with the <option>-m</option> option. The
+- default is to not create the directory and to not copy any
+- files.
+- This option may not function correctly if the username has a / in it.
++ The skeleton directory, which contains files and directories
++ to be copied in the user's home directory, when the home
++ directory is created by <command>useradd</command>.
++ </para>
++ <para>
++ This option is only valid if the <option>-m</option> (or
++ <option>--create-home</option>) option is specified.
+ </para>
++ <para>
++ If this option is not set, the skeleton directory is defined
++ in <filename>/etc/default/useradd</filename> or, by default,
++ <filename>/etc/skel</filename>.
++ </para>
++ <para>This option may not function correctly if the username has a / in it.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+@@ -255,6 +257,22 @@
+ </varlistentry>
+ <varlistentry>
+ <term>
++ <option>-m</option>, <option>--create-home</option>
++ </term>
++ <listitem>
++ <para>
++ Create the user's home directory if it does not exist.
++ The files and directories contained in the skeleton directory
++ (which can be defined with the <option>-k</option> option)
++ will be copied to the home directory.
++ </para>
++ <para>
++ By default, no home directories are created.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
+ <option>-N</option>, <option>--no-user-group</option>
+ </term>
+ <listitem>
+@@ -295,6 +313,25 @@
+ </varlistentry>
+ <varlistentry>
+ <term>
++ <option>-r</option>, <option>--system</option>
++ </term>
++ <listitem>
++ <para>
++ Create a system account.
++ </para>
++ <para>
++ System users will be created with no aging information in
++ <filename>/etc/shadow</filename>, and their numeric
++ identifiers are choosen in the
++ <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option>
++ range, defined in <filename>login.defs</filename>, instead of
++ <option>UID_MIN</option>-<option>UID_MAX</option> (and their
++ <option>GID</option> counterparts for the creation of groups).
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
+ <option>-s</option>, <option>--shell</option>
+ <replaceable>SHELL</replaceable>
+ </term>
+Index: shadow-4.1.1/man/groupadd.8.xml
+===================================================================
+--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-02-25 22:14:56.000000000 +0100
++++ shadow-4.1.1/man/groupadd.8.xml 2008-06-12 23:29:12.258795502 +0200
+@@ -126,6 +126,22 @@
+ </para>
+ </listitem>
+ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>-r</option>, <option>--system</option>
++ </term>
++ <listitem>
++ <para>
++ Create a system group.
++ </para>
++ <para>
++ The numeric identifiers of new system groups are choosen in
++ the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option>
++ range, defined in <filename>login.defs</filename>, instead of
++ <option>GID_MIN</option>-<option>GID_MAX</option>.
++ </para>
++ </listitem>
++ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+Index: shadow-4.1.1/man/newusers.8.xml
+===================================================================
+--- shadow-4.1.1.orig/man/newusers.8.xml 2008-02-25 22:14:56.000000000 +0100
++++ shadow-4.1.1/man/newusers.8.xml 2008-06-12 23:29:12.258795502 +0200
+@@ -94,6 +94,68 @@
+ </para>
+ </refsect1>
+
++ <refsect1 id='options'>
++ <title>OPTIONS</title>
++ <para>The options which apply to the <command>newusers</command> command are:
++ </para>
++ <variablelist remap='IP'>
++ <varlistentry>
++ <term><option>-c</option>, <option>--crypt-method</option></term>
++ <listitem>
++ <para>Use the specified method to encrypt the passwords.</para>
++ <para>
++ The available methods are DES, MD5, NONE, and SHA256 or SHA512
++ if your libc support these methods.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>-r</option>, <option>--system</option>
++ </term>
++ <listitem>
++ <para>
++ Create a system account.
++ </para>
++ <para>
++ System users will be created with no aging information in
++ <filename>/etc/shadow</filename>, and their numeric
++ identifiers are choosen in the
++ <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option>
++ range, defined in <filename>login.defs</filename>, instead of
++ <option>UID_MIN</option>-<option>UID_MAX</option> (and their
++ <option>GID</option> counterparts for the creation of groups).
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry condition="sha_crypt">
++ <term><option>-s</option>, <option>--sha-rounds</option></term>
++ <listitem>
++ <para>
++ Use the specified number of rounds to encrypt the passwords.
++ </para>
++ <para>
++ The value 0 means that the system will choose the default
++ number of rounds for the crypt method (5000).
++ </para>
++ <para>
++ A minimal value of 1000 and a maximal value of 999,999,999
++ will be enforced.
++ </para>
++ <para>
++ You can only use this option with the SHA256 or SHA512
++ crypt method.
++ </para>
++ <para>
++ By default, the number of rounds is defined by the
++ SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
++ <filename>/etc/login.defs</filename>.
++ </para>
++ </listitem>
++ </varlistentry>
++ </variablelist>
++ </refsect1>
++
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+Index: shadow-4.1.1/src/newusers.c
+===================================================================
+--- shadow-4.1.1.orig/src/newusers.c 2008-06-12 23:34:34.859795564 +0200
++++ shadow-4.1.1/src/newusers.c 2008-06-12 23:38:33.290795654 +0200
+@@ -443,6 +443,7 @@
+ static struct option long_options[] = {
+ {"crypt-method", required_argument, NULL, 'c'},
+ {"help", no_argument, NULL, 'h'},
++ {"system", no_argument, NULL, 'r'},
+ #ifdef USE_SHA_CRYPT
+ {"sha-rounds", required_argument, NULL, 's'},
+ #endif
+@@ -451,9 +452,9 @@
+
+ while ((c = getopt_long (argc, argv,
+ #ifdef USE_SHA_CRYPT
+- "c:hs:",
++ "c:hrs:",
+ #else
+- "c:h",
++ "c:hr",
+ #endif
+ long_options, &option_index)) != -1) {
+ switch (c) {
+@@ -464,6 +465,9 @@
+ case 'h':
+ usage ();
+ break;
++ case 'r':
++ rflg = 1;
++ break;
+ #ifdef USE_SHA_CRYPT
+ case 's':
+ sflg = 1;
Copied: debian/trunk/debian/patches/302_remove_non_translated_polish_manpages (from rev 2271, debian/branches/lenny/debian/patches/302_remove_non_translated_polish_manpages)
===================================================================
--- debian/trunk/debian/patches/302_remove_non_translated_polish_manpages (rev 0)
+++ debian/trunk/debian/patches/302_remove_non_translated_polish_manpages 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,26 @@
+Goal: Do not distribute the login.1 and su.1 Polish translations
+
+Fixes: #491460
+
+Status wrt upstream: Already applied
+
+Index: shadow-4.1.1/man/pl/Makefile.am
+===================================================================
+--- shadow-4.1.1.orig/man/pl/Makefile.am
++++ shadow-4.1.1/man/pl/Makefile.am
+@@ -20,7 +20,6 @@
+ grpconv.8 \
+ grpunconv.8 \
+ lastlog.8 \
+- login.1 \
+ login.defs.5 \
+ logoutd.8 \
+ newgrp.1 \
+@@ -32,7 +31,6 @@
+ pwunconv.8 \
+ sg.1 \
+ shadow.5 \
+- su.1 \
+ suauth.5 \
+ useradd.8 \
+ userdel.8 \
Copied: debian/trunk/debian/patches/302_vim_selinux_support (from rev 2271, debian/branches/lenny/debian/patches/302_vim_selinux_support)
===================================================================
--- debian/trunk/debian/patches/302_vim_selinux_support (rev 0)
+++ debian/trunk/debian/patches/302_vim_selinux_support 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,59 @@
+Add SE Linux support to vipw/vigr
+
+Fixes: #491907
+
+Status wrt upsream: Still not applied.
+
+Index: shadow-4.1.1/src/vipw.c
+===================================================================
+--- shadow-4.1.1.orig/src/vipw.c 2008-07-26 01:00:51.095214653 +0200
++++ shadow-4.1.1/src/vipw.c 2008-07-26 01:12:49.295214798 +0200
+@@ -42,6 +42,10 @@
+ #include "sgroupio.h"
+ #include "shadowio.h"
+
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ #define MSG_WARN_EDIT_OTHER_FILE _( \
+ "You have modified %s.\n"\
+ "You may need to modify %s for consistency.\n"\
+@@ -167,6 +171,22 @@
+
+ if (access (file, F_OK))
+ vipwexit (file, 1, 1);
++#ifdef WITH_SELINUX
++ /* if SE Linux is enabled then set the context of all new files
++ to be the context of the file we are editing */
++ if (is_selinux_enabled ()) {
++ security_context_t passwd_context=NULL;
++ int ret = 0;
++ if (getfilecon (file, &passwd_context) < 0) {
++ vipwexit (_("Couldn't get file context"), errno, 1);
++ }
++ ret = setfscreatecon (passwd_context);
++ freecon (passwd_context);
++ if (0 != ret) {
++ vipwexit (_("setfscreatecon () failed"), errno, 1);
++ }
++ }
++#endif
+ if (!file_lock ())
+ vipwexit (_("Couldn't lock file"), errno, 5);
+ filelocked = 1;
+@@ -236,6 +256,14 @@
+ progname, file, strerror (errno), fileedit);
+ vipwexit (0, 0, 1);
+ }
++#ifdef WITH_SELINUX
++ /* unset the fscreatecon */
++ if (is_selinux_enabled ()) {
++ if (setfscreatecon (NULL)) {
++ vipwexit (_("setfscreatecon() failed"), errno, 1);
++ }
++ }
++#endif
+
+ (*file_unlock) ();
+ }
Modified: debian/trunk/debian/patches/406_vipw_resume_properly
===================================================================
--- debian/trunk/debian/patches/406_vipw_resume_properly 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/406_vipw_resume_properly 2008-08-31 19:16:54 UTC (rev 2338)
@@ -4,7 +4,7 @@
Author: dean gaudet <dean at arctic.org>
-Status wrt upstream: should be forwarded
+Status wrt upstream: Fixed upstream
Index: shadow-4.1.0/src/vipw.c
===================================================================
Modified: debian/trunk/debian/patches/414_remove-unwise-advices
===================================================================
--- debian/trunk/debian/patches/414_remove-unwise-advices 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/414_remove-unwise-advices 2008-08-31 19:16:54 UTC (rev 2338)
@@ -1,7 +1,7 @@
Goal: Remove quite unwise password choice advices in passwd manpage
Fixes: #386818
-Status wrt upstream: Forwarded without patch but ignored up to now
+Status wrt upstream: Applied upstream
Note:
@@ -9,14 +9,16 @@
===================================================================
--- shadow-4.1.0.orig/man/passwd.1.xml
+++ shadow-4.1.0/man/passwd.1.xml
-@@ -114,35 +114,9 @@
+@@ -113,36 +113,10 @@
+ </para>
<para>
- Your password must be easily remembered so that you will not be forced
+- Your password must be easily remembered so that you will not be forced
- to write it on a piece of paper. This can be accomplished by
- appending two small words together and separating each with a
- special character or digit. For example, Pass%word.
-+ to write it on a piece of paper.
++ You can find advices on how to choose a strong password on
++ http://en.wikipedia.org/wiki/Password_strength
</para>
- <para>
Modified: debian/trunk/debian/patches/434_login_stop_checking_args_after--
===================================================================
--- debian/trunk/debian/patches/434_login_stop_checking_args_after-- 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/434_login_stop_checking_args_after-- 2008-08-31 19:16:54 UTC (rev 2338)
@@ -1,9 +1,7 @@
Goal: terminate argument validation in login when it hits a '--'.
Fixes: #66368
-Status wrt upstream: It could certainly be submitted to upstream.
- Upstream comment: "Better will be rewrite login
- for use getopt_long()."
+Status wrt upstream: Applied upstream.
Index: shadow-4.1.0/src/login.c
===================================================================
Modified: debian/trunk/debian/patches/487_passwd_chauthtok_failed_message
===================================================================
--- debian/trunk/debian/patches/487_passwd_chauthtok_failed_message 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/487_passwd_chauthtok_failed_message 2008-08-31 19:16:54 UTC (rev 2338)
@@ -4,7 +4,7 @@
Fixes: #352137
-Status wrt upstream: not forwarded yet
+Status wrt upstream: Applied upstream.
Index: shadow-4.1.0/libmisc/pam_pass.c
===================================================================
Modified: debian/trunk/debian/patches/491_configure.in_friendly_selinux_detection
===================================================================
--- debian/trunk/debian/patches/491_configure.in_friendly_selinux_detection 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/491_configure.in_friendly_selinux_detection 2008-08-31 19:16:54 UTC (rev 2338)
@@ -5,7 +5,7 @@
Author: Mike Frysinger <vapier at gentoo.org>
-Status wrt upstream: reported by Mike, not applied yet
+Status wrt upstream: Fixed upstream.
Index: shadow-4.1.0/configure.in
===================================================================
Copied: debian/trunk/debian/patches/494_passwd_lock-no_account_lock (from rev 2271, debian/branches/lenny/debian/patches/494_passwd_lock-no_account_lock)
===================================================================
--- debian/trunk/debian/patches/494_passwd_lock-no_account_lock (rev 0)
+++ debian/trunk/debian/patches/494_passwd_lock-no_account_lock 2008-08-31 19:16:54 UTC (rev 2338)
@@ -0,0 +1,111 @@
+Goal: Restore the behavior of passwd -l / passwd -u to only touch the
+ password field, not the account expiry. Better document the
+ differences between locked password and locked account.
+
+Fixes: #492307 (and indirectly #412234).
+
+Status wrt upstream: Still not applied.
+
+Index: shadow-4.1.1/man/passwd.1.xml
+===================================================================
+--- shadow-4.1.1.orig/man/passwd.1.xml 2008-07-26 14:19:16.001439567 +0200
++++ shadow-4.1.1/man/passwd.1.xml 2008-07-26 16:08:30.562285434 +0200
+@@ -197,9 +197,21 @@
+ </term>
+ <listitem>
+ <para>
+- Lock the named account. This option disables an account by changing
+- the password to a value which matches no possible encrypted value,
+- and by setting the account expiry field to 1.
++ Lock the password of the named account. This option disables a password by changing
++ it to a value which matches no possible encrypted value
++ (it adds a '!' at the beginning of the password).
++ </para>
++ <para>
++ Note that this does not disable the account. The user may
++ still be able to login using another authentication token (e.g.
++ an SSH key).
++ To disable the account, administrators should use
++ <command>usermod --expiredate 1</command> (this set the account's
++ expire date to Jan 2, 1970).
++ </para>
++ <para>
++ Users with a locked password are not allowed to change their
++ password.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -258,10 +270,9 @@
+ </term>
+ <listitem>
+ <para>
+- Unlock the named account. This option re-enables an account by
+- changing the password back to its previous value (to value before
+- using <option>-l</option> option), and by resetting the account
+- expiry field.
++ Unlock the password of the named account. This option re-enables a password by
++ changing the password back to its previous value (to the value before
++ using <option>-l</option> option, by removing the leading '!').
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -402,6 +413,9 @@
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
++ </citerefentry>,
++ <citerefentry>
++ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+Index: shadow-4.1.1/src/passwd.c
+===================================================================
+--- shadow-4.1.1.orig/src/passwd.c 2008-07-26 14:19:02.809439918 +0200
++++ shadow-4.1.1/src/passwd.c 2008-07-26 16:17:14.104439588 +0200
+@@ -76,11 +76,11 @@
+ eflg = 0, /* -e - force password change */
+ iflg = 0, /* -i - set inactive days */
+ kflg = 0, /* -k - change only if expired */
+- lflg = 0, /* -l - lock account */
++ lflg = 0, /* -l - lock the user's password */
+ nflg = 0, /* -n - set minimum days */
+ qflg = 0, /* -q - quiet mode */
+ Sflg = 0, /* -S - show password status */
+- uflg = 0, /* -u - unlock account */
++ uflg = 0, /* -u - unlock the user's password */
+ wflg = 0, /* -w - set warning days */
+ xflg = 0; /* -x - set maximum days */
+
+@@ -155,13 +155,13 @@
+ " -k, --keep-tokens change password only if expired\n"
+ " -i, --inactive INACTIVE set password inactive after expiration\n"
+ " to INACTIVE\n"
+- " -l, --lock lock the named account\n"
++ " -l, --lock lock the password of the named account\n"
+ " -n, --mindays MIN_DAYS set minimum number of days before password\n"
+ " change to MIN_DAYS\n"
+ " -q, --quiet quiet mode\n"
+ " -r, --repository REPOSITORY change password in REPOSITORY repository\n"
+ " -S, --status report password status on the named account\n"
+- " -u, --unlock unlock the named account\n"
++ " -u, --unlock unlock the password of the named account\n"
+ " -w, --warndays WARN_DAYS set expiration warning days to WARN_DAYS\n"
+ " -x, --maxdays MAX_DAYS set maximim number of days before password\n"
+ " change to MAX_DAYS\n"
+@@ -570,15 +570,6 @@
+ nsp->sp_inact = (inact * DAY) / SCALE;
+ if (do_update_age)
+ nsp->sp_lstchg = time ((time_t *) 0) / SCALE;
+- if (lflg) {
+- /* Set the account expiry field to 1.
+- * Some PAM implementation consider zero as a non expired
+- * account.
+- */
+- nsp->sp_expire = 1;
+- }
+- if (uflg)
+- nsp->sp_expire = -1;
+
+ /*
+ * Force change on next login, like SunOS 4.x passwd -e or Solaris
Modified: debian/trunk/debian/patches/506_relaxed_usernames
===================================================================
--- debian/trunk/debian/patches/506_relaxed_usernames 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/506_relaxed_usernames 2008-08-31 19:16:54 UTC (rev 2338)
@@ -1,6 +1,8 @@
Goal: Relaxed usernames/groupnames checking patch.
Status wrt upstream: Debian specific. Not to be used upstream
+ The documentation of the username length restriction
+ was added upstream
Details:
Allows any non-empty user/grounames that don't contain ':' and '\n'
@@ -60,7 +62,7 @@
</para>
</listitem>
</varlistentry>
-@@ -372,9 +373,13 @@
+@@ -372,9 +373,18 @@
</para>
<para>
@@ -71,9 +73,37 @@
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
++ </para>
++ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
++ </para>
++ <para>
++ Usernames may only be up to 32 characters long.
</para>
</refsect1>
+Index: shadow-4.1.1/man/groupadd.8.xml
+===================================================================
+--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-08-15 09:07:37.033120372 -0300
++++ shadow-4.1.1/man/groupadd.8.xml 2008-08-15 09:10:24.961112507 -0300
+@@ -170,9 +170,15 @@
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+- Groupnames must begin with a lower case letter or an underscore,
+- and only lower case letters, underscores, dashes, and dollar signs
+- may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
++ It is usually recommended to only use usernames that begin with
++ a lower case letter or an underscore, and are only followed by lower
++ case letters, digits, underscores, dashes, and optionally terminated by
++ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
++ </para>
++ <para>
++ On Debian, the only constraints are that usernames must neither start
++ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
++ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
+ Groupnames may only be up to 16 characters long.
Modified: debian/trunk/debian/patches/507_32char_grnames.dpatch
===================================================================
--- debian/trunk/debian/patches/507_32char_grnames.dpatch 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/507_32char_grnames.dpatch 2008-08-31 19:16:54 UTC (rev 2338)
@@ -49,3 +49,16 @@
return 0;
return good_name (name);
+Index: shadow-4.1.1/man/groupadd.8.xml
+===================================================================
+--- shadow-4.1.1.orig/man/groupadd.8.xml
++++ shadow-4.1.1/man/groupadd.8.xml
+@@ -175,7 +175,7 @@
+ may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
+ </para>
+ <para>
+- Groupnames may only be up to 16 characters long.
++ Groupnames may only be up to 32 characters long.
+ </para>
+ <para>
+ You may not add a NIS or LDAP group. This must be performed on the
Modified: debian/trunk/debian/patches/series
===================================================================
--- debian/trunk/debian/patches/series 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/patches/series 2008-08-31 19:16:54 UTC (rev 2338)
@@ -28,3 +28,9 @@
406_vipw_resume_properly
414_remove-unwise-advices
415_login_put-echoctl-back
+300_SHA_crypt_method
+301_manpages_missing_options
+302_vim_selinux_support
+200_Czech_binary_translation
+494_passwd_lock-no_account_lock
+302_remove_non_translated_polish_manpages
Modified: debian/trunk/debian/securetty.linux
===================================================================
--- debian/trunk/debian/securetty.linux 2008-08-31 17:41:03 UTC (rev 2337)
+++ debian/trunk/debian/securetty.linux 2008-08-31 19:16:54 UTC (rev 2338)
@@ -19,6 +19,10 @@
ttyPSC4
ttyPSC5
+# PA-RISC mux ports
+ttyB0
+ttyB1
+
# Standard hypervisor virtual console
hvc0
More information about the Pkg-shadow-commits
mailing list