[Pkg-shadow-commits] r2522 - in debian/trunk/debian: . patches
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Mar 14 17:46:26 UTC 2009
Author: nekral-guest
Date: 2009-03-14 17:46:26 +0000 (Sat, 14 Mar 2009)
New Revision: 2522
Removed:
debian/trunk/debian/patches/504_undef_USE_PAM.dpatch
debian/trunk/debian/patches/504_undef_USE_PAM.nolibpam
debian/trunk/debian/patches/507_32char_grnames.dpatch
debian/trunk/debian/patches/579_chowntty_debug
debian/trunk/debian/patches/592_manpages_typos
Modified:
debian/trunk/debian/changelog
debian/trunk/debian/patches/008_login_log_failure_in_FTMP
debian/trunk/debian/patches/429_login_FAILLOG_ENAB
debian/trunk/debian/patches/463_login_delay_obeys_to_PAM
debian/trunk/debian/patches/series
debian/trunk/debian/rules
Log:
Cleanup for current upstream SVN version.
Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/changelog 2009-03-14 17:46:26 UTC (rev 2522)
@@ -1,7 +1,8 @@
-shadow (1:4.1.3-1) experimental; urgency=low
+shadow (1:4.1.3-1) unstable; urgency=low
* The "" release.
* New upstream release:
+ - Fix possible login DOS. Closes: #505071
- Remove patches applied upstream (4.1.2):
+ debian/patches/434_login_stop_checking_args_after--
+ debian/patches/491_configure.in_friendly_selinux_detection
@@ -14,17 +15,15 @@
+ debian/patches/200_Czech_binary_translation
+ debian/patches/302_remove_non_translated_polish_manpages
+ debian/patches/494_passwd_lock-no_account_lock
+ + debian/patches/200_Czech_binary_translation
+ + debian/patches/494_passwd_lock-no_account_lock
- Updated patches:
+ debian/patches/431_su_uid_0_not_root
+ debian/patches/463_login_delay_obeys_to_PAM
- + debian/patches/579_chowntty_debug
- + debian/patches/200_Czech_binary_translation
- + debian/patches/494_passwd_lock-no_account_lock
+ debian/patches/008_su_get_PAM_username
+ debian/patches/302_vim_selinux_support
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/429_login_FAILLOG_ENAB
- + debian/patches/507_32char_grnames.dpatch
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/506_relaxed_usernames
@@ -35,9 +34,9 @@
defined, the mailbox is not in MAIL_SPOOL_DIR.
* debian/patches/506_relaxed_usernames: Use an extra paragraph for the note
on username with a '/'.
- * debian/patches/504_undef_USE_PAM.dpatch:
- - USE_PAM needs to be undef after inclusion of "defines.h".
- - Added note about current upstream status
+ * debian/patches/504_undef_USE_PAM.nolibpam,
+ debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed.
+ Replaced by the --disable-account-tools-setuid configure option.
* debian/control: changed the "Replaces" on manpages-zh to a versioned
one on 1.5.1-1
* debian/control: drop all Replaces on manpages-* when the version is
@@ -49,8 +48,13 @@
Added patches, only intended to be used in the testsuite.
* debian/securetty.linux: Added ttyPZ0, ttyPZ1, ttyPZ2, ttyPZ3 for PowerMac
machines. Closes: #511739
+ * debian/patches/579_chowntty_debug: Removed. With the fix for 505071 and
+ 505271, this additional debug information is no more needed.
+ * debian/patches/507_32char_grnames.dpatch: Patch removed. Replaced by the
+ --with-group-name-max-length=32 configure option.
+ * debian/patches/592_manpages_typos: No more needed.
- -- Christian Perrier <bubulle at debian.org> Mon, 07 Apr 2008 23:00:26 +0200
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sat, 14 Mar 2009 18:44:29 +0100
shadow (1:4.1.1-4) unstable; urgency=low
Modified: debian/trunk/debian/patches/008_login_log_failure_in_FTMP
===================================================================
--- debian/trunk/debian/patches/008_login_log_failure_in_FTMP 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/008_login_log_failure_in_FTMP 2009-03-14 17:46:26 UTC (rev 2522)
@@ -11,7 +11,7 @@
@@ -722,6 +722,29 @@
#endif /* WITH_AUDIT */
- fprintf (stderr, "\nLogin incorrect\n");
+ fprintf (stderr, "\nLogin incorrect\n");
+ if (getdef_str("FTMP_FILE") != NULL) {
+#if HAVE_UTMPX_H
+ failent = utxent;
@@ -36,8 +36,8 @@
+ failtmp(&failent);
+ }
- /* Let's give it another go around */
- pam_set_item(pamh,PAM_USER,NULL);
+ /*
+ * Let's give it another go around.
Index: shadow-4.1.0/lib/getdef.c
===================================================================
--- shadow-4.1.0.orig/lib/getdef.c
Modified: debian/trunk/debian/patches/429_login_FAILLOG_ENAB
===================================================================
--- debian/trunk/debian/patches/429_login_FAILLOG_ENAB 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/429_login_FAILLOG_ENAB 2009-03-14 17:46:26 UTC (rev 2522)
@@ -24,18 +24,18 @@
static void check_nologin (void);
#endif
@@ -673,6 +673,8 @@
- SYSLOG ((LOG_NOTICE,
- "TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
- failcount, fromhost, failent_user));
-+ if (pwd && getdef_bool("FAILLOG_ENAB"))
-+ failure (pwent.pw_uid, tty, &faillog);
- fprintf(stderr,
- _("Maximum number of tries exceeded (%d)\n"),
- failcount);
+ SYSLOG ((LOG_NOTICE,
+ "TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
+ failcount, fromhost, failent_user));
++ if (pwd && getdef_bool("FAILLOG_ENAB"))
++ failure (pwent.pw_uid, tty, &faillog);
+ fprintf(stderr,
+ _("Maximum number of tries exceeded (%d)\n"),
+ failcount);
@@ -690,6 +692,13 @@
- pam_strerror (pamh, retcode)));
- failed = 1;
- }
+ pam_strerror (pamh, retcode)));
+ failed = true;
+ }
+ if (pwd && getdef_bool("FAILLOG_ENAB") &&
+ ! failcheck (pwent.pw_uid, &faillog, failed)) {
+ SYSLOG((LOG_CRIT,
@@ -44,14 +44,14 @@
+ failed = 1;
+ }
- if (!failed)
- break;
-@@ -722,6 +731,8 @@
+ if (!failed) {
+ break;
+@@ -766,6 +731,8 @@
#endif /* WITH_AUDIT */
- fprintf (stderr, "\nLogin incorrect\n");
-+ if (pwd && getdef_bool("FAILLOG_ENAB"))
-+ failure (pwent.pw_uid, tty, &faillog);
+ fprintf (stderr, "\nLogin incorrect\n");
++ if (pwd && getdef_bool("FAILLOG_ENAB"))
++ failure (pwent.pw_uid, tty, &faillog);
if (getdef_str("FTMP_FILE") != NULL) {
#if HAVE_UTMPX_H
failent = utxent;
Modified: debian/trunk/debian/patches/463_login_delay_obeys_to_PAM
===================================================================
--- debian/trunk/debian/patches/463_login_delay_obeys_to_PAM 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/463_login_delay_obeys_to_PAM 2009-03-14 17:46:26 UTC (rev 2522)
@@ -12,13 +12,13 @@
--- shadow-4.1.0.orig/src/login.c
+++ shadow-4.1.0/src/login.c
@@ -331,7 +331,6 @@
+ #if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
- int reason = PW_LOGIN;
- int delay;
int retries;
- int failed;
- int flag;
+ bool failed;
+ bool subroot = false;
@@ -354,6 +353,7 @@
char *pam_user;
char **ptr_pam_user = &pam_user;
@@ -28,43 +28,44 @@
#endif
/*
@@ -578,7 +578,6 @@
- alarm (timeout);
+ }
- environ = newenvp; /* make new environment active */
-- delay = getdef_num ("FAIL_DELAY", 1);
- retries = getdef_num ("LOGIN_RETRIES", RETRIES);
+ environ = newenvp; /* make new environment active */
+- delay = getdef_num ("FAIL_DELAY", 1);
+ retries = getdef_num ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
@@ -594,17 +593,12 @@
- /*
- * hostname & tty are either set to NULL or their correct values,
-- * depending on how much we know. We also set PAM's fail delay to
-- * ours.
-+ * depending on how much we know.
- */
- retcode = pam_set_item (pamh, PAM_RHOST, hostname);
- PAM_FAIL_CHECK;
- retcode = pam_set_item (pamh, PAM_TTY, tty);
- PAM_FAIL_CHECK;
+ /*
+ * hostname & tty are either set to NULL or their correct values,
+- * depending on how much we know. We also set PAM's fail delay to
+- * ours.
++ * depending on how much we know.
+ */
+ retcode = pam_set_item (pamh, PAM_RHOST, hostname);
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_FAIL_CHECK;
-#ifdef HAS_PAM_FAIL_DELAY
-- retcode = pam_fail_delay (pamh, 1000000 * delay);
-- PAM_FAIL_CHECK;
+- retcode = pam_fail_delay (pamh, 1000000 * delay);
+- PAM_FAIL_CHECK;
-#endif
- /* if fflg, then the user has already been authenticated */
- if (!fflg || (getuid () != 0)) {
- int failcount = 0;
-@@ -645,11 +639,6 @@
- failed = 0;
+ /* if fflg, then the user has already been authenticated */
+ if (!fflg || (getuid () != 0)) {
+ int failcount = 0;
+@@ -645,12 +639,6 @@
+ failed = false;
- failcount++;
+ failcount++;
-#ifdef HAS_PAM_FAIL_DELAY
-- if (delay > 0) {
-- retcode = pam_fail_delay(pamh, 1000000*delay);
-- }
+- if (delay > 0) {
+- retcode = pam_fail_delay(pamh, 1000000*delay);
+- PAM_FAIL_CHECK;
+- }
-#endif
- retcode = pam_authenticate (pamh, 0);
+ retcode = pam_authenticate (pamh, 0);
@@ -956,14 +948,17 @@
pw_auth ("!", username, reason, (char *) 0);
Deleted: debian/trunk/debian/patches/504_undef_USE_PAM.dpatch
===================================================================
--- debian/trunk/debian/patches/504_undef_USE_PAM.dpatch 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/504_undef_USE_PAM.dpatch 2009-03-14 17:46:26 UTC (rev 2522)
@@ -1,206 +0,0 @@
-Goal: Do not use PAM for chage, chpasswd, groupadd, groupdel, groupmod
- newusers, useradd, userdel, usermod, chgpasswd (keep them low-level)
-Fixes: #283961, #162181, #162199, #162228, #369806.
-
-Status wrt upstream: A configure option was added. To be tested with 4.1.3.
-
-Index: shadow-4.1.2/src/chage.c
-===================================================================
---- shadow-4.1.2.orig/src/chage.c 2008-06-13 23:23:11.000000000 +0200
-+++ shadow-4.1.2/src/chage.c 2008-06-16 02:29:28.463262026 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: chage.c 2162 2008-06-13 21:23:09Z nekral-guest $"
-
-@@ -53,6 +54,7 @@
- #include "exitcodes.h"
- #include "prototypes.h"
- #include "defines.h"
-+#undef USE_PAM
- #include "pwio.h"
- #include "shadowio.h"
- /*
-Index: shadow-4.1.2/src/chpasswd.c
-===================================================================
---- shadow-4.1.2.orig/src/chpasswd.c 2008-06-13 20:11:10.000000000 +0200
-+++ shadow-4.1.2/src/chpasswd.c 2008-06-16 02:30:16.079421379 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: chpasswd.c 2130 2008-06-13 18:11:09Z nekral-guest $"
-
-@@ -43,6 +44,7 @@
- #include "pam_defs.h"
- #endif /* USE_PAM */
- #include "defines.h"
-+#undef USE_PAM
- #include "exitcodes.h"
- #include "nscd.h"
- #include "prototypes.h"
-Index: shadow-4.1.2/src/groupadd.c
-===================================================================
---- shadow-4.1.2.orig/src/groupadd.c 2008-06-13 23:19:12.000000000 +0200
-+++ shadow-4.1.2/src/groupadd.c 2008-06-16 02:30:41.299262034 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: groupadd.c 2161 2008-06-13 21:19:07Z nekral-guest $"
-
-@@ -47,6 +48,7 @@
- #endif /* USE_PAM */
- #include "chkname.h"
- #include "defines.h"
-+#undef USE_PAM
- #include "getdef.h"
- #include "groupio.h"
- #include "nscd.h"
-Index: shadow-4.1.2/src/groupdel.c
-===================================================================
---- shadow-4.1.2.orig/src/groupdel.c 2008-06-13 22:59:07.000000000 +0200
-+++ shadow-4.1.2/src/groupdel.c 2008-06-16 02:30:49.651262093 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: groupdel.c 2154 2008-06-13 20:59:04Z nekral-guest $"
-
-@@ -44,6 +45,7 @@
- #include <stdio.h>
- #include <sys/types.h>
- #include "defines.h"
-+#undef USE_PAM
- #include "groupio.h"
- #include "nscd.h"
- #include "prototypes.h"
-Index: shadow-4.1.2/src/groupmod.c
-===================================================================
---- shadow-4.1.2.orig/src/groupmod.c 2008-06-13 23:08:07.000000000 +0200
-+++ shadow-4.1.2/src/groupmod.c 2008-06-16 02:30:58.227367347 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: groupmod.c 2158 2008-06-13 21:08:06Z nekral-guest $"
-
-@@ -46,6 +47,7 @@
- #endif /* USE_PAM */
- #include "chkname.h"
- #include "defines.h"
-+#undef USE_PAM
- #include "groupio.h"
- #include "pwio.h"
- #include "nscd.h"
-Index: shadow-4.1.2/src/newusers.c
-===================================================================
---- shadow-4.1.2.orig/src/newusers.c 2008-06-13 22:56:45.000000000 +0200
-+++ shadow-4.1.2/src/newusers.c 2008-06-16 02:31:41.669480684 +0200
-@@ -39,6 +39,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: newusers.c 2152 2008-06-13 20:56:44Z nekral-guest $"
-
-@@ -55,6 +56,7 @@
- #endif /* USE_PAM */
- #include "prototypes.h"
- #include "defines.h"
-+#undef USE_PAM
- #include "getdef.h"
- #include "groupio.h"
- #include "nscd.h"
-Index: shadow-4.1.2/src/useradd.c
-===================================================================
---- shadow-4.1.2.orig/src/useradd.c 2008-06-16 01:33:59.000000000 +0200
-+++ shadow-4.1.2/src/useradd.c 2008-06-16 02:31:09.347908114 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: useradd.c 2189 2008-06-15 22:25:51Z nekral-guest $"
-
-@@ -51,6 +52,7 @@
- #include <time.h>
- #include "chkname.h"
- #include "defines.h"
-+#undef USE_PAM
- #include "faillog.h"
- #include "getdef.h"
- #include "groupio.h"
-Index: shadow-4.1.2/src/userdel.c
-===================================================================
---- shadow-4.1.2.orig/src/userdel.c 2008-06-13 22:23:28.000000000 +0200
-+++ shadow-4.1.2/src/userdel.c 2008-06-16 02:31:15.268028621 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: userdel.c 2147 2008-06-13 20:23:26Z nekral-guest $"
-
-@@ -47,6 +48,7 @@
- #include "pam_defs.h"
- #endif /* USE_PAM */
- #include "defines.h"
-+#undef USE_PAM
- #include "getdef.h"
- #include "groupio.h"
- #include "nscd.h"
-Index: shadow-4.1.2/src/usermod.c
-===================================================================
---- shadow-4.1.2.orig/src/usermod.c 2008-06-16 01:52:28.000000000 +0200
-+++ shadow-4.1.2/src/usermod.c 2008-06-16 02:31:21.364381584 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: usermod.c 2151 2008-06-13 20:40:04Z nekral-guest $"
-
-@@ -50,6 +51,7 @@
- #include <time.h>
- #include "chkname.h"
- #include "defines.h"
-+#undef USE_PAM
- #include "faillog.h"
- #include "getdef.h"
- #include "groupio.h"
-Index: shadow-4.1.2/src/chgpasswd.c
-===================================================================
---- shadow-4.1.2.orig/src/chgpasswd.c 2008-06-13 20:11:10.000000000 +0200
-+++ shadow-4.1.2/src/chgpasswd.c 2008-06-16 02:31:48.547282333 +0200
-@@ -31,6 +31,7 @@
- */
-
- #include <config.h>
-+#undef USE_PAM
-
- #ident "$Id: chgpasswd.c 2130 2008-06-13 18:11:09Z nekral-guest $"
-
-@@ -43,6 +44,7 @@
- #include "pam_defs.h"
- #endif /* USE_PAM */
- #include "defines.h"
-+#undef USE_PAM
- #include "nscd.h"
- #include "prototypes.h"
- #include "groupio.h"
Deleted: debian/trunk/debian/patches/504_undef_USE_PAM.nolibpam
===================================================================
--- debian/trunk/debian/patches/504_undef_USE_PAM.nolibpam 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/504_undef_USE_PAM.nolibpam 2009-03-14 17:46:26 UTC (rev 2522)
@@ -1,60 +0,0 @@
-Status wrt upstream: A configure option was added. To be tested with
- 4.1.3.
-
-Index: shadow-4.1.0/src/Makefile.am
-===================================================================
---- shadow-4.1.0.orig/src/Makefile.am
-+++ shadow-4.1.0/src/Makefile.am
-@@ -55,17 +55,17 @@
- $(top_builddir)/lib/libshadow.la
- AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
-
--chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-+chage_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
--chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
-+chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
--chgpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
-+chgpasswd_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCRYPT)
--chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
-+chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
--chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
-+chpasswd_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCRYPT)
- cppw_LDADD = $(LDADD) $(LIBSELINUX)
- gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
--groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
--groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-+groupadd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+groupdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
- groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
--groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-+groupmod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
- grpck_LDADD = $(LDADD) $(LIBSELINUX)
- grpconv_LDADD = $(LDADD) $(LIBSELINUX)
- grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
-@@ -74,7 +74,7 @@
- login_nopam.c
--login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
-+login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
--newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT)
-+newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT)
--newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
-+newusers_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCRYPT)
- nologin_LDADD =
--passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
-+passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX)
- pwck_LDADD = $(LDADD) $(LIBSELINUX)
-@@ -84,10 +84,10 @@
- su.c \
- suauth.c
--su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
-+su_LDADD = $(LDADD) $(LIBPAM)
- sulogin_LDADD = $(LDADD) $(LIBCRYPT)
--useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
--userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
--usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
-+useradd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+userdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
-+usermod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
- vipw_LDADD = $(LDADD) $(LIBSELINUX)
-
- install-am: all-am
Deleted: debian/trunk/debian/patches/507_32char_grnames.dpatch
===================================================================
--- debian/trunk/debian/patches/507_32char_grnames.dpatch 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/507_32char_grnames.dpatch 2009-03-14 17:46:26 UTC (rev 2522)
@@ -1,65 +0,0 @@
-#! /bin/sh -e
-## 407_32char_grnames_240456.dpatch by xrgtn
-##
-## All lines beginning with `## DP:' are a description of the patch.
-##
-## DP: The patch allows 32 character long group names instead of only 16
-## DP: characters.
-## DP:
-## DP: Comments from Karl Ramm (shadow 1:4.0.3-23, 28 Mar 2004 19:46:34 -0500):
-## DP:
-## DP: increase maximum group name size to 32 for no particularly good reason
-## DP: closes: #240456
-
-if [ $# -lt 1 ]; then
- echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
- exit 1
-fi
-
-[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
-patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
-
-case "$1" in
- -patch) patch -p1 ${patch_opts} < $0;;
- -unpatch) patch -R -p1 ${patch_opts} < $0;;
- *)
- echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
- exit 1;;
-esac
-
-exit 0
-
- at DPATCH@
-
-Index: shadow-4.1.0/libmisc/chkname.c
-===================================================================
---- shadow-4.1.0.orig/libmisc/chkname.c
-+++ shadow-4.1.0/libmisc/chkname.c
-@@ -70,10 +70,10 @@
- bool is_valid_group_name (const char *name)
- {
- /*
-- * Arbitrary limit for group names - max 16
-- * characters (same as on HP-UX 10).
-+ * Arbitrary limit for group names - max 32
-+ * same as linux UT_NAMESIZE
- */
-- if (strlen (name) > 16) {
-+ if (strlen (name) > 32) {
- return false;
- }
-
- return good_name (name);
-Index: shadow-4.1.1/man/groupadd.8.xml
-===================================================================
---- shadow-4.1.1.orig/man/groupadd.8.xml
-+++ shadow-4.1.1/man/groupadd.8.xml
-@@ -175,7 +175,7 @@
- may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
- </para>
- <para>
-- Groupnames may only be up to 16 characters long.
-+ Groupnames may only be up to 32 characters long.
- </para>
- <para>
- You may not add a NIS or LDAP group. This must be performed on the
Deleted: debian/trunk/debian/patches/579_chowntty_debug
===================================================================
--- debian/trunk/debian/patches/579_chowntty_debug 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/579_chowntty_debug 2009-03-14 17:46:26 UTC (rev 2522)
@@ -1,62 +0,0 @@
-Goal: Provide more info when chown_tty() phase of login fails (see #332198).
-
-Related: #332198 (helps to debug)
-
-Status wrt upstream: Not forwarded (dunno if there's any point in this).
-
-This patch increases verbosity of is_my_tty() routine which is called
-from chown_tty() which in turn is part of login sequence. Submitter of
-the bug #332198 sometimes gets telnet session refused, but message in
-syslog is not at all helpful:
-> ... login[453]: unable to determine TTY name, got /dev/pts/1
-and in fact it's misleading, because tty name is detected OK, it's
-is_my_tty() which is failing for a reason yet unknown (I suspect
-corruption of utmp file).
-
-Index: shadow-4.1.0/libmisc/chowntty.c
-===================================================================
---- shadow-4.1.0.orig/libmisc/chowntty.c
-+++ shadow-4.1.0/libmisc/chowntty.c
-@@ -40,6 +40,7 @@
- #include "defines.h"
- #include <pwd.h>
- #include "getdef.h"
-+#include <sys/sysmacros.h>
- /*
- * is_my_tty -- determine if "tty" is the same as TTY stdin is using
- */
-@@ -47,13 +48,31 @@
- {
- struct stat by_name, by_fd;
-
-- if ((stat (tty, &by_name) != 0) || (fstat (0, &by_fd) != 0)) {
-+ if (stat (tty, &by_name) != 0) {
-+ /* Can use neither strerror() nor "%m" sequence -- first
-+ * is locale-dependent (while SYSLOG isn't) and for second
-+ * the SYSLOG macro isn't errno-transparent. --xrgtn */
-+ int e = errno;
-+ SYSLOG ((LOG_WARN, "can't stat(`%s'): errno %i\n", tty, e));
- return false;
- }
-
-- if (by_name.st_rdev != by_fd.st_rdev) {
-+ if (fstat (0, &by_fd) != 0) {
-+ int e = errno;
-+ SYSLOG ((LOG_WARN, "can't fstat(stdin): errno %i\n", e));
- return false;
-- } else {
-+ }
-+
-+ if (by_name.st_rdev != by_fd.st_rdev) {
-+ SYSLOG ((LOG_WARN,
-+ "`%s'.st_rdev(%u,%u) != stdin.st_rdev(%u,%u)\n",
-+ tty,
-+ /* XXX: dev_t is 64bit, gnu_dev_mXXor are used
-+ * which are GNU extn */
-+ major(by_name.st_rdev), minor(by_name.st_rdev),
-+ major(by_fd.st_rdev), minor(by_fd.st_rdev)));
-+ return false;
-+ } else {
- return true;
- }
- }
Deleted: debian/trunk/debian/patches/592_manpages_typos
===================================================================
--- debian/trunk/debian/patches/592_manpages_typos 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/592_manpages_typos 2009-03-14 17:46:26 UTC (rev 2522)
@@ -1,36 +0,0 @@
-Goal: fix some typos in the XML manpages.
-
-Fixes: #352135, 369806
-
-Status wrt upstream: Debian specific.
-
-It is probably a bug of docbook-xsl 1.68.1-0.1
-
-Index: shadow-4.1.0/man/passwd.1.xml
-===================================================================
---- shadow-4.1.0.orig/man/passwd.1.xml
-+++ shadow-4.1.0/man/passwd.1.xml
-@@ -97,8 +97,8 @@
- <title>Hints for user passwords</title>
- <para>
- The security of a password depends upon the strength of the
-- encryption algorithm and the size of the key space. The
-- <emphasis>UNIX</emphasis> System encryption method is based on the
-+ encryption algorithm and the size of the key space.
-+ The <emphasis>UNIX</emphasis> System encryption method is based on the
- NBS DES algorithm and is very secure. The size of the key space
- depends upon the randomness of the password which is selected.
- </para>
-Index: shadow-4.1.0/man/useradd.8.xml
-===================================================================
---- shadow-4.1.0.orig/man/useradd.8.xml
-+++ shadow-4.1.0/man/useradd.8.xml
-@@ -46,7 +46,7 @@
- <title>DESCRIPTION</title>
- <para>
- When invoked without the <option>-D</option> option, the
-- <command>useradd</command> command creates a new user account using
-+ <command>useradd</command> command creates a new user account using
- the values specified on the command line plus the default values from
- the system. Depending on command line options, the
- <command>useradd</command> command
Modified: debian/trunk/debian/patches/series
===================================================================
--- debian/trunk/debian/patches/series 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/patches/series 2009-03-14 17:46:26 UTC (rev 2522)
@@ -10,24 +10,16 @@
008_login_log_failure_in_FTMP
429_login_FAILLOG_ENAB
401_cppw_src.dpatch
-504_undef_USE_PAM.dpatch
-504_undef_USE_PAM.nolibpam
506_relaxed_usernames
-507_32char_grnames.dpatch
542_useradd-O_option
501_commonio_group_shadow
463_login_delay_obeys_to_PAM
523_su_arguments_are_concatenated
523_su_arguments_are_no_more_concatenated_by_default
-579_chowntty_debug
483_su_fakelogin_wrong_arg0
-592_manpages_typos
403_fix_PATH-MAX_hurd
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
415_login_put-echoctl-back
302_vim_selinux_support
-200_Czech_binary_translation
-494_passwd_lock-no_account_lock
-302_remove_non_translated_polish_manpages
402_cppw_selinux
Modified: debian/trunk/debian/rules
===================================================================
--- debian/trunk/debian/rules 2009-03-14 16:18:06 UTC (rev 2521)
+++ debian/trunk/debian/rules 2009-03-14 17:46:26 UTC (rev 2522)
@@ -23,7 +23,7 @@
DEB_AUTO_UPDATE_AUTOMAKE = 1.9
# Adds extra options when calling the configure script:
-DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --without-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man
+DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --without-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man --disable-account-tools-setuid --with-group-name-max-length=32
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
endif
More information about the Pkg-shadow-commits
mailing list