[Pkg-shadow-commits] r3366 - in debian/trunk/debian: . patches
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Fri Jun 24 21:44:27 UTC 2011
Author: nekral-guest
Date: 2011-06-24 21:44:27 +0000 (Fri, 24 Jun 2011)
New Revision: 3366
Removed:
debian/trunk/debian/patches/008_su_get_PAM_username
debian/trunk/debian/patches/300_CVE-2011-0721
Modified:
debian/trunk/debian/changelog
debian/trunk/debian/control
debian/trunk/debian/patches/008_login_log_failure_in_FTMP
debian/trunk/debian/patches/401_cppw_src.dpatch
debian/trunk/debian/patches/429_login_FAILLOG_ENAB
debian/trunk/debian/patches/463_login_delay_obeys_to_PAM
debian/trunk/debian/patches/501_commonio_group_shadow
debian/trunk/debian/patches/505_useradd_recommend_adduser
debian/trunk/debian/patches/506_relaxed_usernames
debian/trunk/debian/patches/508_nologin_in_usr_sbin
debian/trunk/debian/patches/523_su_arguments_are_concatenated
debian/trunk/debian/patches/523_su_arguments_are_no_more_concatenated_by_default
debian/trunk/debian/patches/542_useradd-O_option
debian/trunk/debian/patches/series
debian/trunk/debian/securetty.linux
Log:
- name the next release (which should be a 4.1.5)
- reindent according to previous entry, and use the same bug closing
style
- document bugs closed by the latest upstream
- refresh patch according to latest upstream
- remove patch not needed with latest upstream
- sort translations alphabetically
- debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
- debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
- debian/securetty.linux: Add serial Console for MIPS Swarm.
(http://lists.debian.org/debian-release/2011/02/msg00320.html)
Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/changelog 2011-06-24 21:44:27 UTC (rev 3366)
@@ -1,26 +1,55 @@
-shadow (1:4.1.4.2+svnXXXX-1) unstable; urgency=low
+shadow (1:4.1.5-1) unstable; urgency=low
- * New upstream version
- * Upstream fixes:
- - Fix several typos in manpages. Thanks to Simon Brandmair
- (Closes: #628776)
- * Upstream translation updates from Debian BTS:
- - Japanese (Closes: #620978)
- - Kazakh (Closes: #620930)
- - Danish (Closes: #621330)
- - Swedish (Closes: #621126)
- - Russian (Closes: #622106)
- - Brazilian Portuguese (Closes: #622834)
- - German (Closes: #622908)
- - French (Closes: #623608)
- - Portuguese (Closes: #623722)
- - Catalan (Closes: #627526)
- - Spanish (Closes: #630618)
- * Upstream manpages translation updates from Debian BTS:
- - French (Closes: #630250)
- - German (Closes: #628777)
+ * The "Charolais" release.
+ * New upstream release:
+ - userdel: Check the existence of the user's mail spool before trying to
+ remove it. If it does not exist, a warning is issued, but no failure.
+ Closes: #617295
+ - userdel: Do not remove a group with the same name as the user
+ (usergroup) if this group isn't the user's primary group.
+ Closes: #584868
+ - su: Fix possible tty hijacking by drop the controlling terminal when
+ executing a command. Closes: #628843
+ - su: Close the PAM session as root (fix issues with pam_mount and
+ pam_systemd). Closes: #580434
+ - Fix several typos in manpages. Thanks to Simon Brandmair.
+ Closes: #628776
+ - Updated patches
+ + debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ + debian/patches/505_useradd_recommend_adduser
+ + debian/patches/463_login_delay_obeys_to_PAM
+ + debian/patches/008_login_log_failure_in_FTMP
+ + debian/patches/501_commonio_group_shadow
+ + debian/patches/429_login_FAILLOG_ENAB
+ + debian/patches/508_nologin_in_usr_sbin
+ + debian/patches/506_relaxed_usernames
+ + debian/patches/523_su_arguments_are_concatenated
+ + debian/patches/542_useradd-O_option
+ + debian/patches/401_cppw_src.dpatch
+ - debian/patches/008_su_get_PAM_username: Removed, feature supported
+ upstream.
+ - debian/patches/300_CVE-2011-0721: Removed, applied upstream.
+ - Upstream translation updates from Debian BTS:
+ + Brazilian Portuguese. Closes: #622834
+ + Catalan. Closes: #627526
+ + Danish. Closes: #621330
+ + German. Closes: #622908
+ + French. Closes: #623608
+ + Japanese. Closes: #620978
+ + Kazakh. Closes: #620930
+ + Portuguese. Closes: #623722
+ + Russian. Closes: #622106
+ + Spanish (Closes: #630618)
+ + Swedish. Closes: #621126
+ - Upstream manpages translation updates from Debian BTS:
+ + French. Closes: #630250
+ + German. Closes: #628777
+ * debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
+ * debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
+ * debian/securetty.linux: Add serial Console for MIPS Swarm.
+ (http://lists.debian.org/debian-release/2011/02/msg00320.html)
- -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sat, 04 Jun 2011 09:39:38 +0200
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 24 Jun 2011 23:43:56 +0200
shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
Modified: debian/trunk/debian/control
===================================================================
--- debian/trunk/debian/control 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/control 2011-06-24 21:44:27 UTC (rev 3366)
@@ -13,6 +13,7 @@
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, debianutils (>= 2.15.2)
Replaces: manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1)
+Multi-Arch: foreign
Description: change and administer password and group data
This package includes passwd, chsh, chfn, and many other programs to
maintain password and group data.
Modified: debian/trunk/debian/patches/008_login_log_failure_in_FTMP
===================================================================
--- debian/trunk/debian/patches/008_login_log_failure_in_FTMP 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/008_login_log_failure_in_FTMP 2011-06-24 21:44:27 UTC (rev 3366)
@@ -6,7 +6,7 @@
--- a/src/login.c
+++ b/src/login.c
-@@ -832,6 +832,24 @@
+@@ -831,6 +831,24 @@
(void) puts ("");
(void) puts (_("Login incorrect"));
Deleted: debian/trunk/debian/patches/008_su_get_PAM_username
===================================================================
--- debian/trunk/debian/patches/008_su_get_PAM_username 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/008_su_get_PAM_username 2011-06-24 21:44:27 UTC (rev 3366)
@@ -1,46 +0,0 @@
-Goal: Retrieve the PAM username in case a module changed the PAM_USER
- item.
-
-According to Linux-PAM_ADG:
- * Note, modules can change the values of PAM_USER and PAM_RUSER during
- any of the pam_*() library calls. For this reason, the application
- should take care to use the pam_get_item() every time it wishes to
- establish who the authenticated user is (or will currently be).
-
-PAM_USER description:
-
- The username of the entity under whose identity service will be given. That
- is, following authentication, PAM_USER identifies the local entity that
- gets to use the service. Note, this value can be mapped from something
- (eg., "anonymous") to something else (eg. "guest119") by any module in the
- PAM stack. As such an application should consult the value of PAM_USER
- after each call to a PAM function.
-
-See also: https://www.redhat.com/archives/pam-list/2008-May/msg00009.html
-
---- a/src/su.c
-+++ b/src/su.c
-@@ -325,6 +325,8 @@
- char **envp = environ;
- char *shellstr = NULL;
- char *command = NULL;
-+ char *tmp_name;
-+ char **ptr_tmp_name = &tmp_name;
-
- #ifdef USE_PAM
- char **envcp;
-@@ -728,6 +730,14 @@
- su_failure (tty);
- }
- }
-+ ret = pam_get_item(pamh, PAM_USER, (const void **) ptr_tmp_name);
-+ if (ret != PAM_SUCCESS) {
-+ SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
-+ fprintf(stderr, "%s: Internal PAM error retrieving username\n", Prog);
-+ (void) pam_end(pamh, ret);
-+ su_failure(tty);
-+ }
-+ strncpy(name, tmp_name, sizeof(name) - 1);
- #else /* !USE_PAM */
- /*
- * Set up a signal handler in case the user types QUIT.
Deleted: debian/trunk/debian/patches/300_CVE-2011-0721
===================================================================
--- debian/trunk/debian/patches/300_CVE-2011-0721 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/300_CVE-2011-0721 2011-06-24 21:44:27 UTC (rev 3366)
@@ -1,57 +0,0 @@
-Goal: Input sanitization for chfn and chsh
-
-Fixes: CVE-2011-0721
-
-Status wrt upstream: Already applied upstream (4.1.4.3)
-
---- a/src/chfn.c
-+++ b/src/chfn.c
-@@ -551,14 +551,14 @@
- static void check_fields (void)
- {
- int err;
-- err = valid_field (fullnm, ":,=");
-+ err = valid_field (fullnm, ":,=\n");
- if (err > 0) {
- fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
- } else if (err < 0) {
- fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
- fail_exit (E_NOPERM);
- }
-- err = valid_field (roomno, ":,=");
-+ err = valid_field (roomno, ":,=\n");
- if (err > 0) {
- fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
- } else if (err < 0) {
-@@ -566,17 +566,17 @@
- Prog, roomno);
- fail_exit (E_NOPERM);
- }
-- if (valid_field (workph, ":,=") != 0) {
-+ if (valid_field (workph, ":,=\n") != 0) {
- fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
- Prog, workph);
- fail_exit (E_NOPERM);
- }
-- if (valid_field (homeph, ":,=") != 0) {
-+ if (valid_field (homeph, ":,=\n") != 0) {
- fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
- Prog, homeph);
- fail_exit (E_NOPERM);
- }
-- err = valid_field (slop, ":");
-+ err = valid_field (slop, ":\n");
- if (err > 0) {
- fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
- } else if (err < 0) {
---- a/src/chsh.
-+++ b/src/chsh.c
-@@ -528,7 +528,7 @@
- * users are restricted to using the shells in /etc/shells.
- * The shell must be executable by the user.
- */
-- if (valid_field (loginsh, ":,=") != 0) {
-+ if (valid_field (loginsh, ":,=\n") != 0) {
- fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
- fail_exit (1);
- }
Modified: debian/trunk/debian/patches/401_cppw_src.dpatch
===================================================================
--- debian/trunk/debian/patches/401_cppw_src.dpatch 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/401_cppw_src.dpatch 2011-06-24 21:44:27 UTC (rev 3366)
@@ -209,7 +209,7 @@
+}
--- a/src/Makefile.am
+++ b/src/Makefile.am
-@@ -25,6 +25,7 @@
+@@ -26,6 +26,7 @@
sbin_PROGRAMS = nologin
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
usbin_PROGRAMS = \
@@ -217,7 +217,7 @@
chgpasswd \
chpasswd \
groupadd \
-@@ -75,6 +76,7 @@
+@@ -82,6 +83,7 @@
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
@@ -227,7 +227,7 @@
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
-@@ -79,6 +79,7 @@
+@@ -81,6 +81,7 @@
src/chgpasswd.c
src/chpasswd.c
src/chsh.c
Modified: debian/trunk/debian/patches/429_login_FAILLOG_ENAB
===================================================================
--- debian/trunk/debian/patches/429_login_FAILLOG_ENAB 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/429_login_FAILLOG_ENAB 2011-06-24 21:44:27 UTC (rev 3366)
@@ -20,7 +20,7 @@
static void bad_time_notify (void);
static void check_nologin (bool login_to_root);
#else
-@@ -792,6 +792,9 @@
+@@ -791,6 +791,9 @@
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
failcount, fromhost, failent_user));
@@ -30,7 +30,7 @@
fprintf(stderr,
_("Maximum number of tries exceeded (%u)\n"),
failcount);
-@@ -809,6 +812,14 @@
+@@ -808,6 +811,14 @@
pam_strerror (pamh, retcode)));
failed = true;
}
@@ -45,7 +45,7 @@
if (!failed) {
break;
-@@ -832,6 +843,10 @@
+@@ -831,6 +842,10 @@
(void) puts ("");
(void) puts (_("Login incorrect"));
Modified: debian/trunk/debian/patches/463_login_delay_obeys_to_PAM
===================================================================
--- debian/trunk/debian/patches/463_login_delay_obeys_to_PAM 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/463_login_delay_obeys_to_PAM 2011-06-24 21:44:27 UTC (rev 3366)
@@ -15,9 +15,9 @@
#endif
- unsigned int delay;
unsigned int retries;
- bool failed;
bool subroot = false;
-@@ -546,6 +545,7 @@
+ #ifndef USE_PAM
+@@ -545,6 +544,7 @@
pid_t child;
char *pam_user = NULL;
#else
@@ -25,7 +25,7 @@
struct spwd *spwd = NULL;
#endif
/*
-@@ -706,7 +706,6 @@
+@@ -705,7 +705,6 @@
}
environ = newenvp; /* make new environment active */
@@ -33,7 +33,7 @@
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
-@@ -722,8 +721,7 @@
+@@ -721,8 +720,7 @@
/*
* hostname & tty are either set to NULL or their correct values,
@@ -43,7 +43,7 @@
*
* PAM_RHOST and PAM_TTY are used for authentication, only use
* information coming from login or from the caller (e.g. no utmp)
-@@ -732,10 +730,6 @@
+@@ -731,10 +729,6 @@
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
@@ -54,8 +54,8 @@
/* if fflg, then the user has already been authenticated */
if (!fflg) {
unsigned int failcount = 0;
-@@ -776,12 +770,6 @@
- failed = false;
+@@ -775,12 +769,6 @@
+ bool failed = false;
failcount++;
-#ifdef HAS_PAM_FAIL_DELAY
Modified: debian/trunk/debian/patches/501_commonio_group_shadow
===================================================================
--- debian/trunk/debian/patches/501_commonio_group_shadow 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/501_commonio_group_shadow 2011-06-24 21:44:27 UTC (rev 3366)
@@ -12,7 +12,7 @@
#include "nscd.h"
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-@@ -868,13 +869,20 @@
+@@ -925,13 +926,20 @@
goto fail;
}
} else {
Modified: debian/trunk/debian/patches/505_useradd_recommend_adduser
===================================================================
--- debian/trunk/debian/patches/505_useradd_recommend_adduser 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/505_useradd_recommend_adduser 2011-06-24 21:44:27 UTC (rev 3366)
@@ -6,7 +6,7 @@
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
-@@ -78,6 +78,12 @@
+@@ -81,6 +81,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
@@ -21,7 +21,7 @@
the values specified on the command line plus the default values from
--- a/man/userdel.8.xml
+++ b/man/userdel.8.xml
-@@ -59,6 +59,12 @@
+@@ -61,6 +61,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
Modified: debian/trunk/debian/patches/506_relaxed_usernames
===================================================================
--- debian/trunk/debian/patches/506_relaxed_usernames 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/506_relaxed_usernames 2011-06-24 21:44:27 UTC (rev 3366)
@@ -48,7 +48,7 @@
}
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
-@@ -607,12 +607,19 @@
+@@ -615,12 +615,19 @@
</para>
<para>
@@ -71,7 +71,7 @@
</refsect1>
--- a/man/groupadd.8.xml
+++ b/man/groupadd.8.xml
-@@ -223,12 +223,17 @@
+@@ -222,12 +222,17 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
Modified: debian/trunk/debian/patches/508_nologin_in_usr_sbin
===================================================================
--- debian/trunk/debian/patches/508_nologin_in_usr_sbin 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/508_nologin_in_usr_sbin 2011-06-24 21:44:27 UTC (rev 3366)
@@ -1,6 +1,6 @@
--- a/src/Makefile.am
+++ b/src/Makefile.am
-@@ -22,7 +22,6 @@
+@@ -23,7 +23,6 @@
# $prefix/bin and $prefix/sbin, no install-data hacks...)
bin_PROGRAMS = groups login su
@@ -8,7 +8,7 @@
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
usbin_PROGRAMS = \
cppw \
-@@ -37,6 +36,7 @@
+@@ -38,6 +37,7 @@
grpunconv \
logoutd \
newusers \
Modified: debian/trunk/debian/patches/523_su_arguments_are_concatenated
===================================================================
--- debian/trunk/debian/patches/523_su_arguments_are_concatenated 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/523_su_arguments_are_concatenated 2011-06-24 21:44:27 UTC (rev 3366)
@@ -10,7 +10,7 @@
--- a/src/su.c
+++ b/src/su.c
-@@ -953,6 +953,35 @@
+@@ -1137,6 +1137,35 @@
argv[0] = "-c";
argv[1] = command;
}
Modified: debian/trunk/debian/patches/523_su_arguments_are_no_more_concatenated_by_default
===================================================================
--- debian/trunk/debian/patches/523_su_arguments_are_no_more_concatenated_by_default 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/523_su_arguments_are_no_more_concatenated_by_default 2011-06-24 21:44:27 UTC (rev 3366)
@@ -10,9 +10,9 @@
--- a/src/su.c
+++ b/src/su.c
-@@ -86,6 +86,19 @@
+@@ -104,6 +104,19 @@
/* If nonzero, change some environment vars to indicate the user su'd to. */
- static bool change_environment;
+ static bool change_environment = true;
+/*
+ * If nonzero, keep the old Debian behavior:
@@ -29,17 +29,17 @@
+
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
- static bool caught = false;
-@@ -344,6 +357,8 @@
- #endif
- #endif /* !USE_PAM */
+ static int caught = 0;
+@@ -937,6 +950,8 @@
+ int ret;
+ #endif /* USE_PAM */
+ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL);
+
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
-@@ -957,7 +972,7 @@
+@@ -1141,7 +1156,7 @@
* resulting string is always given to the shell with its
* -c option.
*/
Modified: debian/trunk/debian/patches/542_useradd-O_option
===================================================================
--- debian/trunk/debian/patches/542_useradd-O_option 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/542_useradd-O_option 2011-06-24 21:44:27 UTC (rev 3366)
@@ -7,9 +7,9 @@
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
-@@ -300,6 +300,11 @@
- <replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
- doesn't work yet.
+@@ -318,6 +318,11 @@
+ databases are resetted to avoid reusing the entry from a previously
+ deleted user.
</para>
+ <para>
+ For the compatibility with previous Debian's
@@ -21,7 +21,7 @@
<varlistentry>
--- a/src/useradd.c
+++ b/src/useradd.c
-@@ -996,9 +996,9 @@
+@@ -1000,9 +1000,9 @@
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
@@ -33,7 +33,7 @@
#endif
long_options, NULL)) != -1) {
switch (c) {
-@@ -1120,6 +1120,7 @@
+@@ -1124,6 +1124,7 @@
kflg = true;
break;
case 'K':
Modified: debian/trunk/debian/patches/series
===================================================================
--- debian/trunk/debian/patches/series 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/patches/series 2011-06-24 21:44:27 UTC (rev 3366)
@@ -3,7 +3,6 @@
#901_testsuite_gcov
503_shadowconfig.8
-008_su_get_PAM_username
428_grpck_add_prune_option
008_login_log_failure_in_FTMP
429_login_FAILLOG_ENAB
@@ -18,4 +17,3 @@
523_su_arguments_are_no_more_concatenated_by_default
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
-300_CVE-2011-0721
Modified: debian/trunk/debian/securetty.linux
===================================================================
--- debian/trunk/debian/securetty.linux 2011-06-18 05:33:43 UTC (rev 3365)
+++ debian/trunk/debian/securetty.linux 2011-06-24 21:44:27 UTC (rev 3366)
@@ -355,6 +355,10 @@
hvc0
hvc1
#...
+#IBM pSeries console ports
+hvsi0
+hvsi1
+hvsi2
# Equinox SST multi-port serial boards
ttyEQ0
@@ -381,3 +385,6 @@
ttyama2
ttyama3
+# Serial Console for MIPS Swarm
+duart0
+duart1
More information about the Pkg-shadow-commits
mailing list