Sync from SUSE:SLFO:Main shadow revision dfaf303f581657b77b4eb8661c040663

2025-04-24 00:27:29 +02:00
4 changed files with 43 additions and 6 deletions
--- a/shadow-login_defs-check.sh
+++ b/shadow-login_defs-check.sh
@@ -33,14 +33,18 @@ if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
 		osc co openSUSE:Factory util-linux
 	fi
 	cd openSUSE:Factory/util-linux
+# BEGIN HACK
+# quilt does not understand our util-linux.spec.
+	sed -i s/@BUILD_FLAVOR@// util-linux.spec
+# END HACK
 	quilt setup -d BUILD util-linux.spec
-	cd BUILD/*
+	cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
 	quilt push -a
 	cd ../../../..
 fi

 echo "Extracting variables from util-linux..."
-cd openSUSE:Factory/util-linux/BUILD/*
+cd $(ls -1d openSUSE:Factory/util-linux/BUILD/* | sed /SPECPARTS/d)
 (
 	grep -rh getlogindefs . |
 		sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
@@ -68,13 +72,13 @@ if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
 	fi
 	cd openSUSE:Factory/pam
 	quilt setup -d BUILD pam.spec
-	cd BUILD/*
+	cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
 	quilt push -a
 	cd ../../../..
 fi

 echo "Extracting variables from pam..."
-cd openSUSE:Factory/pam/BUILD/*
+cd $(ls -1d openSUSE:Factory/pam/BUILD/* | sed /SPECPARTS/d)
 grep -rh LOGIN_DEFS . |
 	sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
 	LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@@ -122,7 +122,7 @@ Index: etc/login.defs
 # Max time in seconds for login(1)
 #
 LOGIN_TIMEOUT		60
-@@ -315,14 +335,6 @@ CHARACTER_CLASS         [ABCDEFGHIJKLMNO
+@@ -285,14 +305,6 @@ USERGROUPS_ENAB yes
 #GRANT_AUX_GROUP_SUBIDS yes
 
 #
@@ -137,3 +137,26 @@ Index: etc/login.defs
 # Select the HMAC cryptography algorithm.
 # Used in pam_timestamp module to calculate the keyed-hash message
 # authentication code.
+@@ -301,3 +313,10 @@ PREVENT_NO_AUTH superuser
+ # that are available in your system.
+ #
+ #HMAC_CRYPTO_ALGO SHA512
+
+# Forces login to protect the specified environment variables if -p is not
+# used. The string value is a comma-separated list of variable names. For
+# example: "LANG,LC_MESSAGES,LC_COLLATE".  The safelist is ignored for the
+# environment variables HOME, SHELL and USER.
+#LOGIN_ENV_SAFELIST
+
+Index: lib/getdef.c
+===================================================================
+--- lib/getdef.c.orig
+++ lib/getdef.c
+@@ -76,6 +76,7 @@ struct itemdef {
+ #define FOREIGNDEFS				\
+ 	{"ALWAYS_SET_PATH", NULL},		\
+ 	{"ENV_ROOTPATH", NULL},			\
+	{"LOGIN_ENV_SAFELIST", NULL},		\
+ 	{"LOGIN_KEEP_USERNAME", NULL},		\
+ 	{"LOGIN_PLAIN_PROMPT", NULL},		\
+ 	{"MOTD_FIRSTONLY", NULL},		\
--- a/shadow.changes
+++ b/shadow.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Apr  9 00:05:49 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
+
+- shadow-util-linux.patch: util-linux-2.41 introduced new variable:
+  LOGIN_ENV_SAFELIST. Recognize it and update dependencies. The
+  patch includes gh/shadow-maint/shadow/pull#1248.
+- shadow-login_defs-check-login_defs.lst: Make the util-linux.spec
+  multibuild file compatible with quilt. Make it working with new
+  quilt.
+
 -------------------------------------------------------------------
 Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter <mvetter@suse.com>

--- a/shadow.spec
+++ b/shadow.spec
@@ -84,7 +84,7 @@ Summary:        The login.defs configuration file
 # Call shadow-login_defs-check.sh before!
 Group:          System/Base
 Provides:       login_defs-support-for-pam = 1.5.2
-Provides:       login_defs-support-for-util-linux = 2.37
+Provides:       login_defs-support-for-util-linux = 2.41
 BuildArch:      noarch

 %description -n login_defs