Accepting request 912915 from home:jubalh:branches:Base:System

- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes
  * Fix path prefix path handling
  * Manpage updates
  * Treat an empty passwd field as invalid(Haelwenn Monnier)
  * newxidmap: allow running under alternative gid
  * usermod: check that shell is executable
  * Add yescrypt support
  * useradd memleak fixes
  * useradd: use built-in settings by default
  * getdefs: add foreign
  * buffer overflow fixes
  * Adding run-parts style for pre and post useradd/del
- Refresh:
  * shadow-login_defs-unused-by-pam.patch
  * userdel-script.patch
  * useradd-script.patch
  * chkname-regex.patch
  * useradd-default.patch: bbf4b79 stopped shipping default file.
    change group in code now.
  * shadow-login_defs-suse.patch
  * useradd-userkeleton.patch
- Remove because upstreamed:

OBS-URL: https://build.opensuse.org/request/show/912915
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106
Michael Vetter 2021-08-18 14:25:29 +00:00 committed by Git OBS Bridge
parent e27cf8c34f
commit 3317029e04
20 changed files with 382 additions and 150 deletions


@ -2,23 +2,25 @@ Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
# missing.
@@ -329,6 +329,13 @@ USERGROUPS_ENAB yes
#
#FORCE_SHADOW yes
+
+#
+# User/group names must match the following regex expression.
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
+# but be aware that the result could depend on the locale settings.
+#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
#
# Allow newuidmap and newgidmap when running under an alternative
# primary group.
Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -80,6 +80,7 @@ struct itemdef {
@@ -91,6 +91,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {

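--- a/libsubid-build-fix.patch
+++ b/libsubid-build-fix.patch
@@ -0,0 +1,123 @@
+Fix build fails for libsubid (libtool: error: cannot find name of link library for '../libsubid/libsubid.la').
+Consisting of following upstream commits:
+* f4a84efb468b8be21be124700ce35159c444e9d6
+* 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1
+* fa986b1d73605ecca54a4f19249227aeab827bf6
+Index: shadow-4.9/configure.ac
+===================================================================
+--- shadow-4.9.orig/configure.ac
++++ shadow-4.9/configure.ac
+@@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then
+AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
+fi
++AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
++
+AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
+if test "$with_bcrypt" = "yes"; then
+AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
+Index: shadow-4.9/lib/Makefile.am
+===================================================================
+--- shadow-4.9.orig/lib/Makefile.am
++++ shadow-4.9/lib/Makefile.am
+@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
+libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
+endif
++libshadow_la_CPPFLAGS += -I$(top_srcdir)
++
+libshadow_la_SOURCES = \
+commonio.c \
+commonio.h \
+Index: shadow-4.9/libmisc/Makefile.am
+===================================================================
+--- shadow-4.9.orig/libmisc/Makefile.am
++++ shadow-4.9/libmisc/Makefile.am
+@@ -1,7 +1,7 @@
+EXTRA_DIST = .indent.pro xgetXXbyYY.c
+-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+noinst_LTLIBRARIES = libmisc.la
+Index: shadow-4.9/libsubid/Makefile.am
+===================================================================
+--- shadow-4.9.orig/libsubid/Makefile.am
++++ shadow-4.9/libsubid/Makefile.am
+@@ -1,6 +1,8 @@
+lib_LTLIBRARIES = libsubid.la
++if ENABLE_SHARED
+libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
+-shared -version-info @LIBSUBID_ABI_MAJOR@
++endif
+libsubid_la_SOURCES = api.c
+pkginclude_HEADERS = subid.h
+@@ -16,11 +18,12 @@ MISCLIBS = \
+$(LIBCRYPT) \
+$(LIBACL) \
+$(LIBATTR) \
+- $(LIBTCB)
++ $(LIBTCB) \
++ $(LIBPAM)
+libsubid_la_LIBADD = \
+- $(top_srcdir)/lib/libshadow.la \
+- $(top_srcdir)/libmisc/libmisc.la \
++ $(top_builddir)/lib/libshadow.la \
++ $(top_builddir)/libmisc/libmisc.la \
+$(MISCLIBS) -ldl
+AM_CPPFLAGS = \
+Index: shadow-4.9/src/Makefile.am
+===================================================================
+--- shadow-4.9.orig/src/Makefile.am
++++ shadow-4.9/src/Makefile.am
+@@ -10,6 +10,7 @@ sgidperms = 2755
+AM_CPPFLAGS = \
+-I${top_srcdir}/lib \
+-I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+-DLOCALEDIR=\"$(datadir)/locale\"
+# XXX why are login and su in /bin anyway (other than for
+@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
+list_subid_ranges_CPPFLAGS = \
+-I$(top_srcdir)/lib \
+-I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+-I$(top_srcdir)/libsubid
+get_subid_owners_LDADD = \
+@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
+get_subid_owners_CPPFLAGS = \
+-I$(top_srcdir)/lib \
+-I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+-I$(top_srcdir)/libsubid
+new_subid_range_CPPFLAGS = \
+-I$(top_srcdir)/lib \
+-I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+-I$(top_srcdir)/libsubid
+new_subid_range_LDADD = \
+@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
+free_subid_range_CPPFLAGS = \
+-I$(top_srcdir)/lib \
+-I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+-I$(top_srcdir)/libsubid
+free_subid_range_LDADD = \
+@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
+check_subid_range_CPPFLAGS = \
+-I$(top_srcdir)/lib \
++ -I$(top_srcdir) \
+-I$(top_srcdir)/libmisc
+check_subid_range_LDADD = \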
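Review bot: In the last src/Makefile.am hunk, `-I$(top_srcdir)` is inserted ahead of `-I$(top_srcdir)/libmisc` for check_subid_range_CPPFLAGS, whereas every other target touched by this patch gets it after libmisc. Include order decides which header wins on a name clash, so one binary resolving headers in a different order from its siblings is an avoidable source of surprise. Keeping the same order everywhere would read `-I$(top_srcdir)/libmisc \` followed by `-I$(top_srcdir)`. The patch header lists the three upstream commits by bare hash only; adding the upstream issue reference given in the changelog would make a later refresh easier to check.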


@ -1,11 +0,0 @@
--- src/useradd.c
+++ src/useradd.c
@@ -320,7 +320,7 @@ static void fail_exit (int code)
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
+ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
exit (code);
}


@ -1,14 +0,0 @@
--- src/userdel.c
+++ src/userdel.c
@@ -143,8 +143,9 @@ static void usage (int status)
"\n"
"Options:\n"),
Prog);
- (void) fputs (_(" -f, --force force removal of files,\n"
- " even if not owned by user\n"),
+ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n"
+ " e.g. removal of user still logged in\n"
+ " or files, even if not owned by the user\n"),
usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
size 1611196


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl4qDlEACgkQ6f7qBqhe
P51Lfwf/b2gxtqo9WRUTOhau4kCy+zDbg3S/K7ZD/20I2t205FNCOyV+cR4Q/PRA
+hBLFsA/WAVqZm0/3re09VDV0eaBpI7hgNF0JFODawIixKdLVff9mbfbLdgzy2Dl
IvbNrUVDJV1wSlEJLIeUpUT4ClFaiExM/XaCvHSUUbRsJ5cutH2wt0neNC8mJHMu
srXoCp8lb4fT+BDgRKoGA6RMvnJSkExBbhrRqaARWWCGnS++5oJiD7UwPAOu9Imb
LtouVitkrjrpQncnQN+zCaKwyTGw/xlQyl0z86DXWbvhnTwUeeWZbyfRAglIsSkk
DRpWh2m7ejcvf1pGt66UBuMNr0yb1w==
=8I3q
-----END PGP SIGNATURE-----

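--- a/shadow-4.9.tar.xz
+++ b/shadow-4.9.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:feec1f2ce9c1b62798afd35a7d1b04cefdfa3a0a30ff3e75d6965ba8978c9144
+size 1627008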

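--- a/shadow-4.9.tar.xz.asc
+++ b/shadow-4.9.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAmD5+dkACgkQ6f7qBqhe
+P53Qywf/ShkcKvecTDRIrKUNJUTIlP8iywZ1NXypfdDKG/J63awMAGrKMZwOkLUS
+AnImsvyoW3+XDIhdkeJd1Kv+8JDEt3oJ0ifHjfpXl4FzOervb1ZKtRPUcoJzzpnJ
+Szt/7f3Sd0VfbItgf5F6jgMi7iDA/ZIqJTXeI0kEfVVL7DT681jVRjpnoURlrEq1
+6SmIyAul50VmZjLXq1xJ35uktr7VclnaRu17acax95e+oekP4sdNMaV5E5DSeq2N
+db7kKCu80+lPvtQpj22vOO2w15ActH6f5Ec3P7OG8jL125q3yZNebVoh8FKxmFsh
+PssfXu0TL50qH/p7qNEeihDLpwoI7g==
+=6MLu
+-----END PGP SIGNATURE-----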

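--- a/shadow-fix-sigabrt.patch
+++ b/shadow-fix-sigabrt.patch
@@ -0,0 +1,14 @@
+Upstream commit 4624e9fca1b02b64e25e8b2280a0186182ab73ba
+To fix SIGABRT: https://github.com/shadow-maint/shadow/issues/394
+Index: shadow-4.9/src/useradd.c
+===================================================================
+--- shadow-4.9.orig/src/useradd.c
++++ shadow-4.9/src/useradd.c
+@@ -420,7 +420,6 @@ static void get_defaults (void)
+} else {
+def_group = grp->gr_gid;
+def_gname = xstrdup (grp->gr_name);
+- gr_free(grp);
+}
+}
+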
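Review bot: The patch header names the symptom (SIGABRT, issue 394) but not the cause, so a later refresh has nothing to check the removal of `gr_free(grp);` against. If the reason is that `grp` is not owned by get_defaults, for example because the lookup returns storage the caller must not free, state that in the header and next to the `xstrdup` line, e.g. `/* grp is not ours to free; only the name is copied */`. That ownership is an inference, because the call that produces `grp` is outside the hunk, and get_defaults itself starts and ends outside it.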


@ -0,0 +1,17 @@
Include libeconf to newuidmap and newgidmap
Upstream commit: c6847011e8b656adacd9a0d2a78418cad0de34cb
Index: shadow-4.9/src/Makefile.am
===================================================================
--- shadow-4.9.orig/src/Makefile.am
+++ shadow-4.9/src/Makefile.am
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)


@ -14,7 +14,7 @@ Index: etc/login.defs
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -62,8 +65,8 @@ CONSOLE /etc/securetty
@@ -52,8 +55,8 @@ CONSOLE /etc/securetty
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
@ -25,7 +25,7 @@ Index: etc/login.defs
#
# If set to "yes", login stops display content specified by MOTD_FILE after
@@ -83,8 +85,8 @@ MOTD_FILE /etc/motd
@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
@ -36,7 +36,7 @@ Index: etc/login.defs
# If this variable is set to "yes", hostname will be suppressed in the
# login: prompt.
@@ -103,9 +105,9 @@ HUSHLOGIN_FILE .hushlogin
@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin
# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
# (and falback for login).
#
@ -49,7 +49,7 @@ Index: etc/login.defs
# If this variable is set to "yes" (default is "no"), su will always set
# path. every su call will overwrite the PATH variable.
@@ -115,7 +117,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
# The recommended value is "yes". The default "no" behavior could have
# a security implication in applications that use commands without path.
#
@ -58,7 +58,7 @@ Index: etc/login.defs
#
# Terminal permissions
@@ -129,7 +131,7 @@ ALWAYS_SET_PATH no
@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no
# set TTYPERM to either 622 or 600.
#
TTYGROUP tty
@ -67,7 +67,7 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -167,8 +169,8 @@ PASS_WARN_AGE 7
@@ -157,8 +160,8 @@ PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
# System accounts
@ -78,7 +78,7 @@ Index: etc/login.defs
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
@@ -185,8 +187,8 @@ SUB_UID_COUNT 65536
@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536
GID_MIN 1000
GID_MAX 60000
# System accounts
@ -89,7 +89,7 @@ Index: etc/login.defs
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
@@ -195,7 +197,7 @@ SUB_GID_COUNT 65536
@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536
#
# Max number of login(1) retries if password is bad
#
@ -98,7 +98,7 @@ Index: etc/login.defs
#
# Max time in seconds for login(1)
@@ -211,18 +213,9 @@ LOGIN_TIMEOUT 60
@@ -201,18 +204,9 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
#
@ -119,7 +119,7 @@ Index: etc/login.defs
#
# If set to MD5, MD5-based algorithm will be used for encrypting password
@@ -235,7 +228,7 @@ CHFN_RESTRICT rwh
@@ -227,7 +221,7 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
@ -128,7 +128,7 @@ Index: etc/login.defs
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -311,7 +304,7 @@ USERDEL_POSTCMD /usr/sbin/userde
@@ -325,7 +319,7 @@ USERDEL_POSTCMD /usr/sbin/userde
#
# This also enables userdel(8) to remove user groups if no members exist.
#
@ -137,7 +137,7 @@ Index: etc/login.defs
#
# If set to a non-zero number, the shadow utilities will make sure that
@@ -330,13 +323,13 @@ USERGROUPS_ENAB yes
@@ -344,13 +338,13 @@ USERGROUPS_ENAB yes
# This option is overridden with the -M or -m flags on the useradd(8)
# command-line.
#
@ -151,5 +151,5 @@ Index: etc/login.defs
-#FORCE_SHADOW yes
+FORCE_SHADOW no
#
# User/group names must match the following regex expression.
# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,


@ -149,7 +149,7 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -206,28 +120,13 @@ UMASK 022
@@ -211,28 +125,13 @@ UMASK 022
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
@ -178,7 +178,7 @@ Index: etc/login.defs
# Min/max values for automatic uid selection in useradd(8)
#
UID_MIN 1000
@@ -264,28 +163,6 @@ LOGIN_RETRIES 5
@@ -269,28 +168,6 @@ LOGIN_RETRIES 5
LOGIN_TIMEOUT 60
#
@ -207,7 +207,7 @@ Index: etc/login.defs
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
@@ -294,13 +171,6 @@ CHFN_AUTH yes
@@ -299,13 +176,6 @@ CHFN_AUTH yes
CHFN_RESTRICT rwh
#
@ -221,8 +221,8 @@ Index: etc/login.defs
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh
#BCRYPT_MAX_ROUNDS 13
@@ -382,17 +252,6 @@ CHFN_RESTRICT rwh
#YESCRYPT_COST_FACTOR 5
#
-# List of groups to add to the user's supplementary group set
@ -239,7 +239,8 @@ Index: etc/login.defs
# Should login be allowed if we can't cd to the home directory?
# Default is no.
#
DEFAULT_HOME yes
@@ -407,12 +266,6 @@ DEFAULT_HOME yes
NONEXISTENT /nonexistent
#
-# If this file exists and is readable, login environment will be


@ -0,0 +1,21 @@
Upstream commit: adb83f779618674e5e96e27e3d48559d62e2c410
To fix: https://github.com/shadow-maint/shadow/pull/398
Index: shadow-4.9/src/passwd.c
===================================================================
--- shadow-4.9.orig/src/passwd.c
+++ shadow-4.9/src/passwd.c
@@ -490,9 +490,12 @@ static void print_status (const struct p
((long long)sp->sp_max * SCALE) / DAY,
((long long)sp->sp_warn * SCALE) / DAY,
((long long)sp->sp_inact * SCALE) / DAY);
- } else {
+ } else if (NULL != pw->pw_passwd) {
(void) printf ("%s %s\n",
- pw->pw_name, pw_status (pw->pw_passwd));
+ pw->pw_name, pw_status (pw->pw_passwd));
+ } else {
+ (void) fprintf(stderr, _("%s: malformed password data obtained for user %s\n"),
+ Prog, pw->pw_name);
}
}
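Review bot: The new final `else` in print_status only writes to stderr, and print_status is `static void`, so as far as this hunk shows a malformed passwd entry neither changes the exit status nor leaves a log record. Consider recording it as well, e.g. `SYSLOG ((LOG_WARN, "malformed password data obtained for user %s", pw->pw_name));`, and letting the caller return non-zero for this case. It is also worth checking whether the shadow branch just above passes `sp->sp_pwdp` to `pw_status` without the same NULL test. That call and the start of the function are outside the hunk.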


@ -113,7 +113,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -66,6 +66,7 @@ struct itemdef {
@@ -67,6 +67,7 @@ struct itemdef {
{"LOGIN_STRING", NULL}, \
{"MAIL_CHECK_ENAB", NULL}, \
{"MOTD_FILE", NULL}, \
@ -121,7 +121,7 @@ Index: lib/getdef.c
{"NOLOGINS_FILE", NULL}, \
{"OBSCURE_CHECKS_ENAB", NULL}, \
{"PASS_ALWAYS_WARN", NULL}, \
@@ -80,6 +81,7 @@ struct itemdef {
@@ -91,6 +92,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
@ -129,7 +129,7 @@ Index: lib/getdef.c
{"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
@@ -88,6 +90,7 @@ static struct itemdef def_table[] = {
@@ -99,6 +101,7 @@ static struct itemdef def_table[] = {
{"DEFAULT_HOME", NULL},
{"ENCRYPT_METHOD", NULL},
{"ENV_PATH", NULL},
@ -137,7 +137,7 @@ Index: lib/getdef.c
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -99,6 +102,7 @@ static struct itemdef def_table[] = {
@@ -110,6 +113,7 @@ static struct itemdef def_table[] = {
{"KILLCHAR", NULL},
{"LASTLOG_UID_MAX", NULL},
{"LOGIN_RETRIES", NULL},


@ -1,3 +1,50 @@
-------------------------------------------------------------------
Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter <mvetter@suse.com>
- Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file.
change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch
- Remove because upstreamed:
* shadow-4.1.5.1-userdel-helpfix.patch
* shadow-4.1.5.1-logmsg.patch
- Add libsubid-build-fix.patch:
See https://github.com/shadow-maint/shadow/issues/387
- Add shadow-libeconf-include.patch:
See c6847011e8b656adacd9a0d2a78418cad0de34cb
- Add shadow-fix-sigabrt.patch:
See https://github.com/shadow-maint/shadow/issues/394
- Add shadow-passwd-handle-null.patch:
See https://github.com/shadow-maint/shadow/pull/398
- Remove %{_sysconfdir}/default/useradd: file not shipped anymore
- Remove --disable-shared: Dont need it anymore
See https://github.com/shadow-maint/shadow/issues/336
-------------------------------------------------------------------
Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>


@ -21,15 +21,14 @@
%else
%define no_config 1
%endif
Name: shadow
Version: 4.8.1
Version: 4.9
Release: 0
Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause AND GPL-2.0-or-later
Group: System/Base
URL: https://github.com/shadow-maint/shadow
Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
Source1: pamd.tar.bz2
Source2: README.changes-pwdutils
Source3: useradd.local
@ -37,7 +36,7 @@ Source4: userdel-pre.local
Source5: userdel-post.local
Source6: shadow.service
Source7: shadow.timer
Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
Source42: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
Source43: %{name}.keyring
# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
Source44: shadow-login_defs-check.sh
@ -53,40 +52,44 @@ Patch3: chkname-regex.patch
Patch4: useradd-default.patch
# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
Patch5: shadow-util-linux.patch
# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brauner@mailbox.org -- Give a hint about what happens when you force the removal of a user.
Patch6: shadow-4.1.5.1-userdel-helpfix.patch
# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch kukuk@suse.com -- Fix error message.
Patch7: shadow-4.1.5.1-logmsg.patch
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
Patch13: shadow-login_defs-comments.patch
Patch6: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch
Patch7: shadow-login_defs-suse.patch
# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321)
Patch15: useradd-userkeleton.patch
Patch8: useradd-userkeleton.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch
Patch9: disable_new_audit_function.patch
# PATCH-FIX-UPSTREAM libsubid-build-fix.patch mvetter@suse.de -- Fix build with libsubid (f4a84e, 537b8c, fa986b)
Patch10: libsubid-build-fix.patch
# PATCH-FIX-UPSTREAM shadow-libeconf-include.patch mvetter@suse.de -- Include libeconf to new*idmap (c68470)
Patch11: shadow-libeconf-include.patch
# PATCH-FIX-UPSTREAM shadow-fix-sigabrt.patch mvetter@suse.de -- Fix SIGABRT https://github.com/shadow-maint/shadow/issues/394
Patch12: shadow-fix-sigabrt.patch
# PATCH-FIX-UPSTREAM shadow-passwd-handle-null.patch mvetter@suse.de -- Fix passwd NULL handling https://github.com/shadow-maint/shadow/pull/398
Patch13: shadow-passwd-handle-null.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libacl-devel
BuildRequires: libattr-devel
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
%if 0%{?suse_version} >= 1550
BuildRequires: libeconf-devel
%endif
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
BuildRequires: libtool
BuildRequires: pam-devel
BuildRequires: xz
Requires: login_defs >= %{version}
Requires(pre): group(root)
Requires(pre): group(shadow)
Requires(pre): permissions
Requires(pre): user(root)
Provides: pwdutils = 3.2.20
Obsoletes: pwdutils <= 3.2.19
Requires: login_defs >= %{version}
Provides: useradd_or_adduser_dep
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
%if 0%{?suse_version} >= 1550
BuildRequires: libeconf-devel
%endif
%description
This package includes the necessary programs for converting plain
@ -94,21 +97,35 @@ password files to the shadow password format and to manage user and
group accounts.
%package -n login_defs
Summary: login.defs configuration file
Group: System/Base
BuildArch: noarch
Summary: The login.defs configuration file
# Virtual provides for supported variables in login.defs.
# It prevents references to unknown variables.
# Upgrade them only if shadow-util-linux.patch or
# encryption_method_nis.patch has to be ported!
# Call shadow-login_defs-check.sh before!
Group: System/Base
Provides: login_defs-support-for-pam = 1.3.1
Provides: login_defs-support-for-util-linux = 2.36
BuildArch: noarch
%description -n login_defs
This package contains the default login.defs configuration file
as used by util-linux, pam and shadow.
%package -n libsubid3
Summary: A library to manage subordinate uid and gid ranges
Group: System/Base
%description -n libsubid3
Utility library that provides a way to manage subid ranges.
%package -n libsubid-devel
Summary: Development files for libsubid3
Group: System/Base
%description -n libsubid-devel
Development files for libsubid3.
%prep
%setup -q -a 1
%patch0
@ -119,12 +136,14 @@ as used by util-linux, pam and shadow.
%patch5
%patch6
%patch7
%patch13
%patch14
%patch15
%patch8
%if 0%{?suse_version} < 1330
%patch20 -p1
%patch9 -p1
%endif
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO
@ -145,14 +164,16 @@ autoreconf -fvi
--with-nscd \
--with-selinux \
--without-libcrack \
--disable-shared \
--with-group-name-max-length=32 \
--enable-vendordir=%{_distconfdir}
make %{?_smp_mflags} V=1
%make_build
# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336
%install
cp %{SOURCE2} .
%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
%make_install -C man install-man
# install useradd.local, userdel.local, ...
install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/
@ -221,6 +242,8 @@ rm %{buildroot}/%{_mandir}/*/man5/passwd.5*
rm -rf %{buildroot}%{_mandir}/{??,??_??}
rm %{buildroot}/%{_libdir}/libsubid.la
# Move /etc to /usr/etc
if [ ! -d %{buildroot}%{_distconfdir} ]; then
mkdir -p %{buildroot}%{_distconfdir}
@ -233,11 +256,11 @@ fi
%pre
%service_add_pre shadow.service shadow.timer
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%pre -n login_defs
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||:
%post
%set_permissions %{_bindir}/chage
@ -273,7 +296,7 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
%if %{defined no_config}
# Migration to /usr/etc
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
@ -281,12 +304,14 @@ done
# rpmsave file can be created by
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
# - Migration to /usr/etc (after SLE15 and Leap 15)
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:
%post -n libsubid3 -p /sbin/ldconfig
%postun -n libsubid3 -p /sbin/ldconfig
%files -f shadow.lang
%license COPYING
%doc NEWS doc/HOWTO README README.changes-pwdutils
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
%if %{defined no_config}
@ -308,7 +333,6 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
%config %{_sysconfdir}/pam.d/chfn
%config %{_sysconfdir}/pam.d/chsh
%config %{_sysconfdir}/pam.d/passwd
%config %{_sysconfdir}/pam.d/useradd
%config %{_sysconfdir}/pam.d/chpasswd
%config %{_sysconfdir}/pam.d/groupadd
%config %{_sysconfdir}/pam.d/groupdel
@ -380,11 +404,19 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
%files -n login_defs
%if %{defined no_config}
%dir /etc/login.defs.d
%dir %{_sysconfdir}/login.defs.d
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%{_mandir}/man5/login.defs.5%{?ext_man}
%files -n libsubid3
%{_libdir}/libsubid.so.*
%files -n libsubid-devel
%dir %{_includedir}/shadow
%{_includedir}/shadow/subid.h
%{_libdir}/libsubid.so
%changelog
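Review bot: The new `%package -n libsubid-devel` preamble declares only Summary and Group, yet its file list ships the `%{_libdir}/libsubid.so` development link while the versioned library `%{_libdir}/libsubid.so.*` is packaged in libsubid3. Without a dependency, the devel package can be installed alone with a dangling link, or alongside a library from a different build. Add `Requires: libsubid3 = %{version}` to the libsubid-devel preamble.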


@ -1,9 +1,13 @@
--- etc/useradd
+++ etc/useradd
@@ -1,5 +1,5 @@
# useradd defaults file
-GROUP=1000
+GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -101,7 +101,7 @@ FILE *shadow_logfd = NULL;
/*
* These defaults are used if there is no defaults file.
*/
-static gid_t def_group = 1000;
+static gid_t def_group = 100;
static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "/bin/bash";
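Review bot: `def_group` is now hard-coded to 100, but the paired context line `static const char *def_gname = "other";` is left unchanged, so the built-in defaults name one group and number another until a GROUP entry is read. Either patch `def_gname` in the same hunk to the name gid 100 carries on the target systems, or add a comment at the changed line such as `/* SUSE default gid; keep def_gname in sync */`. The commit message says the defaults file is no longer shipped, so this built-in value is what useradd uses on a fresh install. It is worth confirming that a group with gid 100 is guaranteed to exist at that point, since the spec on this page only lists `group(root)` and `group(shadow)` as pre-requirements.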


@ -4,10 +4,12 @@
src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++-
3 files changed, 48 insertions(+), 1 deletion(-)
--- etc/login.defs
+++ etc/login.defs 2020-10-30 12:54:38.117849829 +0000
@@ -242,6 +242,13 @@ CHFN_RESTRICT rwh
DEFAULT_HOME yes
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -266,6 +266,13 @@ DEFAULT_HOME yes
NONEXISTENT /nonexistent
#
+# If defined, this command is run when adding a user.
@ -20,9 +22,11 @@
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
--- lib/getdef.c
+++ lib/getdef.c 2020-10-30 12:54:38.117849829 +0000
@@ -134,6 +134,7 @@ static struct itemdef def_table[] = {
Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -149,6 +149,7 @@ static struct itemdef def_table[] = {
{"UID_MAX", NULL},
{"UID_MIN", NULL},
{"UMASK", NULL},
@ -30,11 +34,13 @@
{"USERDEL_CMD", NULL},
{"USERDEL_PRECMD", NULL},
{"USERDEL_POSTCMD", NULL},
--- src/useradd.c
+++ src/useradd.c 2020-10-30 13:08:17.378336989 +0000
@@ -2238,6 +2238,44 @@ static void create_mail (void)
}
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -2398,6 +2398,44 @@ static void check_uid_range(int rflg, ui
}
/*
+ * call_script - call a script to do some work
+ *
@ -77,7 +83,7 @@
* main - useradd command
*/
int main (int argc, char **argv)
@@ -2514,6 +2552,7 @@ int main (int argc, char **argv)
@@ -2691,6 +2729,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);


@ -5,21 +5,11 @@ Copy also skeleton files from /usr/etc/skel (boo#1173321)
src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
Index: etc/useradd
===================================================================
--- etc/useradd.orig
+++ etc/useradd
@@ -5,4 +5,5 @@ INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
+USRSKEL=/usr/etc/skel
CREATE_MAIL_SPOOL=yes
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -78,6 +78,9 @@
@@ -82,6 +82,9 @@
#ifndef SKEL_DIR
#define SKEL_DIR "/etc/skel"
#endif
@ -29,15 +19,15 @@ Index: src/useradd.c
#ifndef USER_DEFAULTS_FILE
#define USER_DEFAULTS_FILE "/etc/default/useradd"
#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
@@ -101,6 +104,7 @@ static const char *def_gname = "other";
@@ -106,6 +109,7 @@ static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "";
static const char *def_shell = "/bin/bash";
static const char *def_template = SKEL_DIR;
+static const char *def_usrtemplate = USRSKELDIR;
static const char *def_create_mail_spool = "no";
static const char *def_create_mail_spool = "yes";
static long def_inactive = -1;
@@ -202,6 +206,7 @@ static bool home_added = false;
@@ -208,6 +212,7 @@ static bool home_added = false;
#define DINACT "INACTIVE="
#define DEXPIRE "EXPIRE="
#define DSKEL "SKEL="
@ -45,7 +35,7 @@ Index: src/useradd.c
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
/* local function prototypes */
@@ -469,6 +474,29 @@ static void get_defaults (void)
@@ -481,6 +486,29 @@ static void get_defaults (void)
}
/*
@ -75,7 +65,7 @@ Index: src/useradd.c
* Create by default user mail spool or not ?
*/
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
@@ -500,6 +528,7 @@ static void show_defaults (void)
@@ -512,6 +540,7 @@ static void show_defaults (void)
printf ("EXPIRE=%s\n", def_expire);
printf ("SHELL=%s\n", def_shell);
printf ("SKEL=%s\n", def_template);
@ -83,7 +73,7 @@ Index: src/useradd.c
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
}
@@ -526,6 +555,7 @@ static int set_defaults (void)
@@ -538,6 +567,7 @@ static int set_defaults (void)
bool out_expire = false;
bool out_shell = false;
bool out_skel = false;
@ -91,7 +81,7 @@ Index: src/useradd.c
bool out_create_mail_spool = false;
size_t len;
int ret = -1;
@@ -620,6 +650,9 @@ static int set_defaults (void)
@@ -632,6 +662,9 @@ static int set_defaults (void)
} else if (!out_skel && MATCH (buf, DSKEL)) {
fprintf (ofp, DSKEL "%s\n", def_template);
out_skel = true;
@ -101,7 +91,7 @@ Index: src/useradd.c
} else if (!out_create_mail_spool
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
fprintf (ofp,
@@ -649,6 +682,8 @@ static int set_defaults (void)
@@ -661,6 +694,8 @@ static int set_defaults (void)
fprintf (ofp, DSHELL "%s\n", def_shell);
if (!out_skel)
fprintf (ofp, DSKEL "%s\n", def_template);
@ -110,7 +100,7 @@ Index: src/useradd.c
if (!out_create_mail_spool)
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
@@ -2507,6 +2542,8 @@ int main (int argc, char **argv)
@@ -2679,6 +2714,8 @@ int main (int argc, char **argv)
if (home_added) {
copy_tree (def_template, prefix_user_home, false, false,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
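Review bot: The patch header kept as context in this section still reads `2 files changed, 38 insertions(+)`, but the refresh appears to drop the `etc/useradd` hunk that added `USRSKEL=/usr/etc/skel`, leaving only `src/useradd.c | 37`; the summary should become `1 file changed, 37 insertions(+)`. With that hunk gone, the only source of the second skeleton path visible here is the compiled-in `static const char *def_usrtemplate = USRSKELDIR;`, presumably overridable by a `USRSKEL=` line in the defaults file, and the patch description should say so in one sentence. Going by the patch title, files from that tree are also copied into each new home directory (the lines added after the `copy_tree (def_template, ...)` call in `main` are not shown in this view), so the description should also state that the directory must be root-owned and not writable by other users. Which lines are old and which are new is inferred from the section's 21-to-11 line header, because the +/- markers are lost in this rendering.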


@ -2,7 +2,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
@@ -150,6 +150,8 @@ static struct itemdef def_table[] = {
{"UID_MIN", NULL},
{"UMASK", NULL},
{"USERDEL_CMD", NULL},
@ -15,7 +15,7 @@ Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -216,9 +216,25 @@ DEFAULT_HOME yes
@@ -270,9 +270,25 @@ NONEXISTENT /nonexistent
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
@ -45,7 +45,7 @@ Index: src/userdel.c
===================================================================
--- src/userdel.c.orig
+++ src/userdel.c
@@ -126,7 +126,7 @@ static void close_files (void);
@@ -131,7 +131,7 @@ static void close_files (void);
static void fail_exit (int);
static void open_files (void);
static void update_user (void);
@ -54,7 +54,7 @@ Index: src/userdel.c
#ifdef EXTRA_CHECK_HOME_DIR
static bool path_prefix (const char *, const char *);
@@ -768,13 +768,13 @@ static void update_user (void)
@@ -774,13 +774,13 @@ static void update_user (void)
* cron, at, or print jobs.
*/
@ -70,7 +70,7 @@ Index: src/userdel.c
if (NULL == cmd) {
return;
}
@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
@@ -1225,9 +1225,10 @@ int main (int argc, char **argv)
}
/*
@ -83,7 +83,7 @@ Index: src/userdel.c
open_files ();
update_user ();
update_groups ();
@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
@@ -1348,7 +1349,7 @@ int main (int argc, char **argv)
* the entry from /etc/passwd.
*/
if(prefix[0] == '\0')
@ -91,8 +91,8 @@ Index: src/userdel.c
+ call_script ("USERDEL_CMD", user_name);
close_files ();
#ifdef WITH_TCB
@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) {
@@ -1363,6 +1364,9 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);