forked from pool/shadow
Accepting request 765745 from Base:System
- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod explicitly. - bsc#1160729: Make valid shell check only a warning * Add shadow-4.8-shell-check.patch - Update to 4.8: * Initial optional bcrypt support. * Make build/install of 'su' optional. * Fix for vipw not resuming correctly when suspended * Sync password field descriptions in manpages * Check for valid shell argument in useradd * Allow translation of new strings through POTFILES.in * Migrate to itstool for translations * Migrate to new SELinux api * Support --enable-vendordir * pwck: Only check homedir if set and not a system user * Support nonstandard usernames * sget{pw,gr}ent: check for data at EOL * Add YYY-MM-DD support in chage * Fix failing chmod calls for suidubins * Fix --sbindir and --bindir for binary installations * Fix LASTLOG_UID_MAX in login.defs * Fix configure error with dash - Remove because upstreamed: * libeconf.patch * shadow-usermod-variable.patch - Rebase: * shadow-login_defs-unused-by-pam.patch * chkname-regex.patch OBS-URL: https://build.opensuse.org/request/show/765745 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=36
This commit is contained in:
commit
9f37ba3939
@ -2,7 +2,7 @@ Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -274,3 +274,11 @@ USERGROUPS_ENAB yes
|
||||
@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
|
||||
# missing.
|
||||
#
|
||||
#FORCE_SHADOW yes
|
||||
@ -18,7 +18,7 @@ Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -77,6 +77,7 @@ struct itemdef {
|
||||
@@ -80,6 +80,7 @@ struct itemdef {
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
@ -30,7 +30,7 @@ Index: libmisc/chkname.c
|
||||
===================================================================
|
||||
--- libmisc/chkname.c.orig
|
||||
+++ libmisc/chkname.c
|
||||
@@ -43,30 +43,57 @@
|
||||
@@ -43,8 +43,11 @@
|
||||
#ident "$Id$"
|
||||
|
||||
#include <ctype.h>
|
||||
@ -40,13 +40,15 @@ Index: libmisc/chkname.c
|
||||
+#include "getdef.h"
|
||||
+#include <stdio.h>
|
||||
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
int allow_bad_names = false;
|
||||
|
||||
@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n
|
||||
return true;
|
||||
}
|
||||
|
||||
- /*
|
||||
- * User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
- */
|
||||
- if (('\0' == *name) ||
|
||||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
||||
+ const char *class;
|
||||
+ regex_t reg;
|
||||
+ int result;
|
||||
@ -79,7 +81,9 @@ Index: libmisc/chkname.c
|
||||
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
|
||||
+ buffer);
|
||||
+ } */
|
||||
+
|
||||
|
||||
- if (('\0' == *name) ||
|
||||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
||||
+ regfree(®);
|
||||
return false;
|
||||
}
|
||||
@ -98,7 +102,4 @@ Index: libmisc/chkname.c
|
||||
+ return false;
|
||||
}
|
||||
|
||||
+ regfree(®);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
362
libeconf.patch
362
libeconf.patch
@ -1,362 +0,0 @@
|
||||
From b52ce71c276d6dafceac6b942b534af77b647f48 Mon Sep 17 00:00:00 2001
|
||||
From: Thorsten Kukuk <kukuk@suse.com>
|
||||
Date: Fri, 20 Sep 2019 10:27:31 +0200
|
||||
Subject: [PATCH] Add support for a vendor directory and libeconf
|
||||
|
||||
With this, it is possible for Linux distributors to store their
|
||||
supplied default configuration files somewhere below /usr, while
|
||||
/etc only contains the changes made by the user. The new option
|
||||
--enable-vendordir defines where the shadow suite should additional
|
||||
look for login.defs if this file is not in /etc.
|
||||
libeconf is a key/value configuration file reading library, which
|
||||
handles the split of configuration files in different locations
|
||||
and merges them transparently for the application.
|
||||
---
|
||||
configure.ac | 13 +++++++-
|
||||
lib/Makefile.am | 4 +++
|
||||
lib/getdef.c | 76 +++++++++++++++++++++++++++++++++++++++++++
|
||||
libmisc/Makefile.am | 2 +-
|
||||
libmisc/prefix_flag.c | 18 ++++++----
|
||||
src/Makefile.am | 55 ++++++++++++++++---------------
|
||||
6 files changed, 132 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 1907afbd..6a273766 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -247,7 +247,7 @@ AC_ARG_ENABLE(subordinate-ids,
|
||||
[enable_subids="maybe"]
|
||||
)
|
||||
|
||||
-AC_ARG_WITH(audit,
|
||||
+AC_ARG_WITH(audit,
|
||||
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
||||
[with_audit=$withval], [with_audit=maybe])
|
||||
AC_ARG_WITH(libpam,
|
||||
@@ -321,6 +321,17 @@ AC_SEARCH_LIBS(inet_ntoa, inet)
|
||||
AC_SEARCH_LIBS(socket, socket)
|
||||
AC_SEARCH_LIBS(gethostbyname, nsl)
|
||||
|
||||
+AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
|
||||
+if test -n "$LIBECONF"; then
|
||||
+ ECONF_CPPFLAGS="-DUSE_ECONF=1"
|
||||
+ AC_ARG_ENABLE([vendordir],
|
||||
+ AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
|
||||
+fi
|
||||
+AC_SUBST(ECONF_CPPFLAGS)
|
||||
+AC_SUBST(LIBECONF)
|
||||
+AC_SUBST([VENDORDIR], [$enable_vendordir])
|
||||
+AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
|
||||
+
|
||||
if test "$enable_shadowgrp" = "yes"; then
|
||||
AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
|
||||
fi
|
||||
diff --git a/lib/Makefile.am b/lib/Makefile.am
|
||||
index fd634542..a40c08a1 100644
|
||||
--- a/lib/Makefile.am
|
||||
+++ b/lib/Makefile.am
|
||||
@@ -6,6 +6,10 @@ DEFS =
|
||||
noinst_LTLIBRARIES = libshadow.la
|
||||
|
||||
libshadow_la_LDFLAGS = -version-info 0:0:0
|
||||
+libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
|
||||
+if HAVE_VENDORDIR
|
||||
+libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
|
||||
+endif
|
||||
|
||||
libshadow_la_SOURCES = \
|
||||
commonio.c \
|
||||
diff --git a/lib/getdef.c b/lib/getdef.c
|
||||
index ece33a78..939aea29 100644
|
||||
--- a/lib/getdef.c
|
||||
+++ b/lib/getdef.c
|
||||
@@ -40,6 +40,9 @@
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
+#ifdef USE_ECONF
|
||||
+#include <libeconf.h>
|
||||
+#endif
|
||||
#include "getdef.h"
|
||||
/*
|
||||
* A configuration item definition.
|
||||
@@ -152,11 +155,20 @@ static struct itemdef knowndef_table[] = {
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
+#ifdef USE_ECONF
|
||||
+#ifdef VENDORDIR
|
||||
+static const char* vendordir = VENDORDIR;
|
||||
+#else
|
||||
+static const char* vendordir = NULL;
|
||||
+#endif
|
||||
+static const char* sysconfdir = "/etc";
|
||||
+#else
|
||||
#ifndef LOGINDEFS
|
||||
#define LOGINDEFS "/etc/login.defs"
|
||||
#endif
|
||||
|
||||
static const char* def_fname = LOGINDEFS; /* login config defs file */
|
||||
+#endif
|
||||
static bool def_loaded = false; /* are defs already loaded? */
|
||||
|
||||
/* local function prototypes */
|
||||
@@ -433,7 +445,27 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
|
||||
|
||||
void setdef_config_file (const char* file)
|
||||
{
|
||||
+#ifdef USE_ECONF
|
||||
+ size_t len;
|
||||
+ char* cp;
|
||||
+
|
||||
+ len = strlen(file) + strlen(sysconfdir) + 2;
|
||||
+ cp = malloc(len);
|
||||
+ if (cp == NULL)
|
||||
+ exit (13);
|
||||
+ snprintf(cp, len, "%s/%s", file, sysconfdir);
|
||||
+ sysconfdir = cp;
|
||||
+#ifdef VENDORDIR
|
||||
+ len = strlen(file) + strlen(vendordir) + 2;
|
||||
+ cp = malloc(len);
|
||||
+ if (cp == NULL)
|
||||
+ exit (13);
|
||||
+ snprintf(cp, len, "%s/%s", file, vendordir);
|
||||
+ vendordir = cp;
|
||||
+#endif
|
||||
+#else
|
||||
def_fname = file;
|
||||
+#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -444,9 +476,16 @@ void setdef_config_file (const char* file)
|
||||
|
||||
static void def_load (void)
|
||||
{
|
||||
+#ifdef USE_ECONF
|
||||
+ econf_file *defs_file = NULL;
|
||||
+ econf_err error;
|
||||
+ char **keys;
|
||||
+ size_t key_number;
|
||||
+#else
|
||||
int i;
|
||||
FILE *fp;
|
||||
char buf[1024], *name, *value, *s;
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Set the initialized flag.
|
||||
@@ -454,6 +493,42 @@ static void def_load (void)
|
||||
*/
|
||||
def_loaded = true;
|
||||
|
||||
+#ifdef USE_ECONF
|
||||
+
|
||||
+ error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
|
||||
+ if (error) {
|
||||
+ if (error == ECONF_NOFILE)
|
||||
+ return;
|
||||
+
|
||||
+ SYSLOG ((LOG_CRIT, "cannot open login definitions [%s]",
|
||||
+ econf_errString(error)));
|
||||
+ exit (EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
+ if ((error = econf_getKeys(defs_file, NULL, &key_number, &keys))) {
|
||||
+ SYSLOG ((LOG_CRIT, "cannot read login definitions [%s]",
|
||||
+ econf_errString(error)));
|
||||
+ exit (EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
+ for (size_t i = 0; i < key_number; i++) {
|
||||
+ char *value;
|
||||
+
|
||||
+ econf_getStringValue(defs_file, NULL, keys[i], &value);
|
||||
+
|
||||
+ /*
|
||||
+ * Store the value in def_table.
|
||||
+ *
|
||||
+ * Ignore failures to load the login.defs file.
|
||||
+ * The error was already reported to the user and to
|
||||
+ * syslog. The tools will just use their default values.
|
||||
+ */
|
||||
+ (void)putdef_str (keys[i], value);
|
||||
+ }
|
||||
+
|
||||
+ econf_free (keys);
|
||||
+ econf_free (defs_file);
|
||||
+#else
|
||||
/*
|
||||
* Open the configuration definitions file.
|
||||
*/
|
||||
@@ -517,6 +592,7 @@ static void def_load (void)
|
||||
}
|
||||
|
||||
(void) fclose (fp);
|
||||
+#endif
|
||||
}
|
||||
|
||||
|
||||
diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
|
||||
index 9aed980f..7f43161f 100644
|
||||
--- a/libmisc/Makefile.am
|
||||
+++ b/libmisc/Makefile.am
|
||||
@@ -1,7 +1,7 @@
|
||||
|
||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
||||
|
||||
-AM_CPPFLAGS = -I$(top_srcdir)/lib
|
||||
+AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
|
||||
|
||||
noinst_LIBRARIES = libmisc.a
|
||||
|
||||
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
|
||||
index cd1eec47..4fe6d195 100644
|
||||
--- a/libmisc/prefix_flag.c
|
||||
+++ b/libmisc/prefix_flag.c
|
||||
@@ -96,7 +96,7 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
|
||||
}
|
||||
}
|
||||
|
||||
-
|
||||
+
|
||||
|
||||
if (prefix != NULL) {
|
||||
if ( prefix[0] == '\0' || !strcmp(prefix, "/"))
|
||||
@@ -113,7 +113,7 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
|
||||
group_db_file = xmalloc(len);
|
||||
snprintf(group_db_file, len, "%s/%s", prefix, GROUP_FILE);
|
||||
gr_setdbname(group_db_file);
|
||||
-
|
||||
+
|
||||
#ifdef SHADOWGRP
|
||||
len = strlen(prefix) + strlen(SGROUP_FILE) + 2;
|
||||
sgroup_db_file = xmalloc(len);
|
||||
@@ -128,7 +128,7 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
|
||||
spw_db_file = xmalloc(len);
|
||||
snprintf(spw_db_file, len, "%s/%s", prefix, SHADOW_FILE);
|
||||
spw_setdbname(spw_db_file);
|
||||
-
|
||||
+
|
||||
#ifdef ENABLE_SUBIDS
|
||||
len = strlen(prefix) + strlen("/etc/subuid") + 2;
|
||||
suid_db_file = xmalloc(len);
|
||||
@@ -141,11 +141,15 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
|
||||
sub_gid_setdbname(sgid_db_file);
|
||||
#endif
|
||||
|
||||
+#ifdef USE_ECONF
|
||||
+ setdef_config_file(prefix);
|
||||
+#else
|
||||
len = strlen(prefix) + strlen("/etc/login.defs") + 2;
|
||||
def_conf_file = xmalloc(len);
|
||||
snprintf(def_conf_file, len, "%s/%s", prefix, "/etc/login.defs");
|
||||
setdef_config_file(def_conf_file);
|
||||
- }
|
||||
+#endif
|
||||
+ }
|
||||
|
||||
if (prefix == NULL)
|
||||
return "";
|
||||
@@ -169,7 +173,7 @@ extern struct group *prefix_getgrnam(const char *name)
|
||||
fclose(fg);
|
||||
return grp;
|
||||
}
|
||||
-
|
||||
+
|
||||
return getgrnam(name);
|
||||
}
|
||||
|
||||
@@ -262,7 +266,7 @@ extern void prefix_setpwent()
|
||||
}
|
||||
if (fp_pwent)
|
||||
fclose (fp_pwent);
|
||||
-
|
||||
+
|
||||
fp_pwent = fopen(passwd_db_file, "rt");
|
||||
if(!fp_pwent)
|
||||
return;
|
||||
@@ -293,7 +297,7 @@ extern void prefix_setgrent()
|
||||
}
|
||||
if (fp_grent)
|
||||
fclose (fp_grent);
|
||||
-
|
||||
+
|
||||
fp_grent = fopen(group_db_file, "rt");
|
||||
if(!fp_grent)
|
||||
return;
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index f7f132ee..451816d7 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -88,42 +88,43 @@ else
|
||||
LIBCRYPT_NOPAM = $(LIBCRYPT)
|
||||
endif
|
||||
|
||||
-chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
+chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
||||
newuidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
|
||||
newgidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
|
||||
-chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
-chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
||||
-chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
||||
-gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
|
||||
-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
|
||||
-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-grpck_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
-grpconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
-grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
-lastlog_LDADD = $(LDADD) $(LIBAUDIT)
|
||||
+chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
+chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
+chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
+expiry_LDADD = $(LDADD) $(LIBECONF)
|
||||
+gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
||||
+groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
||||
+groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBECONF)
|
||||
+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
||||
+grpck_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
+grpconv_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
+grpunconv_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
+lastlog_LDADD = $(LDADD) $(LIBAUDIT) $(LIBECONF)
|
||||
login_SOURCES = \
|
||||
login.c \
|
||||
login_nopam.c
|
||||
-login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
-newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT)
|
||||
-newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
||||
+login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
+newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF)
|
||||
+newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
nologin_LDADD =
|
||||
-passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
|
||||
-pwck_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
-pwconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
-pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
+passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF)
|
||||
+pwck_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
+pwconv_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
+pwunconv_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
su_SOURCES = \
|
||||
su.c \
|
||||
suauth.c
|
||||
-su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
-sulogin_LDADD = $(LDADD) $(LIBCRYPT)
|
||||
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
|
||||
-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
|
||||
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
|
||||
-vipw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
+su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
+sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
|
||||
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
|
||||
+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
|
||||
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
|
||||
+vipw_LDADD = $(LDADD) $(LIBSELINUX) $(LIBECONF)
|
||||
|
||||
install-am: all-am
|
||||
$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
|
||||
size 1624340
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
|
||||
P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
|
||||
9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
|
||||
JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
|
||||
csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
|
||||
5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
|
||||
EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
|
||||
=dbPQ
|
||||
-----END PGP SIGNATURE-----
|
12
shadow-4.8-selinux-include.patch
Normal file
12
shadow-4.8-selinux-include.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: shadow-4.8/lib/selinux.c
|
||||
===================================================================
|
||||
--- shadow-4.8.orig/lib/selinux.c
|
||||
+++ shadow-4.8/lib/selinux.c
|
||||
@@ -31,6 +31,7 @@
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
|
||||
+#include <stdio.h>
|
||||
#include "defines.h"
|
||||
|
||||
#include <selinux/selinux.h>
|
43
shadow-4.8-shell-check.patch
Normal file
43
shadow-4.8-shell-check.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 4ed08824e511fa5247006c71490b0440e1c17319 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
Date: Thu, 16 Jan 2020 12:55:30 +0100
|
||||
Subject: [PATCH] Make the check for non-executable shell only a warning.
|
||||
|
||||
Although it is a good idea to check for an inadvertent typo
|
||||
in the shell name it is possible that the shell might not be present
|
||||
on the system yet when the user is added.
|
||||
---
|
||||
src/useradd.c | 15 +++++++++++----
|
||||
1 file changed, 11 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index c29ae949..a679392d 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -1328,15 +1328,22 @@ static void process_flags (int argc, char **argv)
|
||||
if ( ( !VALID (optarg) )
|
||||
|| ( ('\0' != optarg[0])
|
||||
&& ('/' != optarg[0])
|
||||
- && ('*' != optarg[0]) )
|
||||
- || (stat(optarg, &st) != 0)
|
||||
- || (S_ISDIR(st.st_mode))
|
||||
- || (access(optarg, X_OK) != 0)) {
|
||||
+ && ('*' != optarg[0]) )) {
|
||||
fprintf (stderr,
|
||||
_("%s: invalid shell '%s'\n"),
|
||||
Prog, optarg);
|
||||
exit (E_BAD_ARG);
|
||||
}
|
||||
+ if ( '\0' != optarg[0]
|
||||
+ && '*' != optarg[0]
|
||||
+ && strcmp(optarg, "/sbin/nologin") != 0
|
||||
+ && ( stat(optarg, &st) != 0
|
||||
+ || S_ISDIR(st.st_mode)
|
||||
+ || access(optarg, X_OK) != 0)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: Warning: missing or non-executable shell '%s'\n"),
|
||||
+ Prog, optarg);
|
||||
+ }
|
||||
user_shell = optarg;
|
||||
def_shell = optarg;
|
||||
sflg = true;
|
3
shadow-4.8.tar.xz
Normal file
3
shadow-4.8.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:64b46683b9c1f35b2cd2da9fa87a1383917666e85a56b35e081c7257d10dac64
|
||||
size 1609060
|
11
shadow-4.8.tar.xz.asc
Normal file
11
shadow-4.8.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl3j/d0ACgkQ6f7qBqhe
|
||||
P5185Qf9E2/IuxNWXdL30l+rA9w5WAIiQ61UHf/Z4HXPaVQnSmjGruHeuCbEDhyF
|
||||
Lcqqmhfi84CdFSJe3F+0JrpgFQ1wfc+j/n1jPjrtpjtje7cuuwFTTVx8LDL+hULl
|
||||
ylQKneQdDfX1vZnmcD5Us8YifG+eiTOHsLnk+HpgRekMpr6mIzJm8SkyJiVp8kAO
|
||||
Rfp60+XlCW4Q0bExQ9Ig4ElEagQTODwQ6xPxM5pHvc/pEvJyH/2fq9BzSfDRMU8q
|
||||
h9pO3gDgXp0A7hmkBlQVPsG9vXCwNuvrAj4p7TTYqdn03uTTcknFqhoECuQjJ+BM
|
||||
z2WaKWY2NAn53AWzABsoaPW6t8Y+cg==
|
||||
=4/Ig
|
||||
-----END PGP SIGNATURE-----
|
@ -13,7 +13,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -32,6 +30,15 @@ CONSOLE /etc/securetty
|
||||
@@ -47,6 +45,15 @@ CONSOLE /etc/securetty
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
@ -29,7 +29,7 @@ Index: etc/login.defs
|
||||
# If defined, all su(1) activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
@@ -79,11 +86,14 @@ ENV_PATH /bin:/usr/bin
|
||||
@@ -94,11 +101,14 @@ ENV_PATH /bin:/usr/bin
|
||||
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
|
||||
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
@ -46,7 +46,7 @@ Index: etc/login.defs
|
||||
ALWAYS_SET_PATH no
|
||||
|
||||
#
|
||||
@@ -123,6 +133,11 @@ PASS_WARN_AGE 7
|
||||
@@ -138,6 +148,11 @@ PASS_WARN_AGE 7
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
@ -58,7 +58,7 @@ Index: etc/login.defs
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
@@ -136,6 +151,11 @@ SUB_UID_COUNT 65536
|
||||
@@ -151,6 +166,11 @@ SUB_UID_COUNT 65536
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
#
|
||||
@ -70,7 +70,7 @@ Index: etc/login.defs
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
@@ -165,7 +185,6 @@ LOGIN_TIMEOUT 60
|
||||
@@ -180,7 +200,6 @@ LOGIN_TIMEOUT 60
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -78,7 +78,7 @@ Index: etc/login.defs
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
# It supports passwords of unlimited length and longer salt strings.
|
||||
@@ -180,7 +199,6 @@ CHFN_RESTRICT rwh
|
||||
@@ -195,7 +214,6 @@ CHFN_RESTRICT rwh
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
@ -86,14 +86,3 @@ Index: etc/login.defs
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
@@ -208,8 +226,8 @@ CHFN_RESTRICT rwh
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
-# SHA_CRYPT_MIN_ROUNDS 5000
|
||||
-# SHA_CRYPT_MAX_ROUNDS 5000
|
||||
+#SHA_CRYPT_MIN_ROUNDS 5000
|
||||
+#SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
|
@ -20,7 +20,7 @@ Index: etc/login.defs
|
||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
#
|
||||
LOG_UNKFAIL_ENAB no
|
||||
@@ -27,34 +22,6 @@ LOG_UNKFAIL_ENAB no
|
||||
@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB no
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
@ -29,6 +29,13 @@ Index: etc/login.defs
|
||||
-LASTLOG_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Limit the highest user ID number for which the lastlog entries should
|
||||
# be updated.
|
||||
#
|
||||
@@ -41,29 +31,6 @@ LASTLOG_ENAB yes
|
||||
#LASTLOG_UID_MAX
|
||||
|
||||
#
|
||||
-# Enable checking and display of mailbox status upon login.
|
||||
-#
|
||||
-# Disable if the shell startup files already check for mail
|
||||
@ -55,7 +62,7 @@ Index: etc/login.defs
|
||||
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
#
|
||||
@@ -82,46 +49,12 @@ MOTD_FILE /etc/motd
|
||||
@@ -91,46 +58,12 @@ MOTD_FILE /etc/motd
|
||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
||||
|
||||
#
|
||||
@ -102,7 +109,7 @@ Index: etc/login.defs
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
@@ -131,21 +64,6 @@ HUSHLOGIN_FILE .hushlogin
|
||||
@@ -140,21 +73,6 @@ HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
@ -124,7 +131,7 @@ Index: etc/login.defs
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
@@ -171,17 +89,13 @@ TTYPERM 0600
|
||||
@@ -180,17 +98,13 @@ TTYPERM 0600
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
@ -142,7 +149,7 @@ Index: etc/login.defs
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
@@ -197,28 +111,13 @@ UMASK 022
|
||||
@@ -206,28 +120,13 @@ UMASK 022
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
@ -171,7 +178,7 @@ Index: etc/login.defs
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
UID_MIN 1000
|
||||
@@ -255,28 +154,6 @@ LOGIN_RETRIES 5
|
||||
@@ -264,28 +163,6 @@ LOGIN_RETRIES 5
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
@ -200,7 +207,7 @@ Index: etc/login.defs
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
@@ -285,13 +162,6 @@ CHFN_AUTH yes
|
||||
@@ -294,13 +171,6 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -214,8 +221,8 @@ Index: etc/login.defs
|
||||
# Only works if compiled with MD5_CRYPT defined:
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
@@ -336,29 +206,12 @@ CHFN_RESTRICT rwh
|
||||
# SHA_CRYPT_MAX_ROUNDS 5000
|
||||
@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh
|
||||
#BCRYPT_MAX_ROUNDS 13
|
||||
|
||||
#
|
||||
-# List of groups to add to the user's supplementary group set
|
||||
|
@ -1,28 +0,0 @@
|
||||
From fc0ed79e5d700b4a730235fe88e60951717edc6e Mon Sep 17 00:00:00 2001
|
||||
From: Stanislav Brabec <sbrabec@suse.cz>
|
||||
Date: Fri, 26 Jul 2019 21:39:42 +0200
|
||||
Subject: [PATCH] usermod.c: Fix invalid variable name
|
||||
|
||||
Fix invalid LASTLOG_MAX_UID variable name to correct LASTLOG_UID_MAX.
|
||||
|
||||
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
||||
---
|
||||
src/usermod.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/usermod.c b/src/usermod.c
|
||||
index c3718864..0ae50e34 100644
|
||||
--- a/src/usermod.c
|
||||
+++ b/src/usermod.c
|
||||
@@ -1879,7 +1879,7 @@ static void update_lastlog (void)
|
||||
return;
|
||||
}
|
||||
|
||||
- max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
|
||||
+ max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
|
||||
if (user_newid > max_uid) {
|
||||
/* do not touch lastlog for large uids */
|
||||
return;
|
||||
--
|
||||
2.22.0
|
||||
|
@ -16,7 +16,7 @@ Index: etc/login.defs
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
@@ -17,15 +19,8 @@ FAIL_DELAY 3
|
||||
@@ -17,9 +19,8 @@ FAIL_DELAY 3
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
@ -24,16 +24,10 @@ Index: etc/login.defs
|
||||
+# Enable "syslog" logging of newgrp(1) and sg(1) activity.
|
||||
#
|
||||
-LOG_OK_LOGINS no
|
||||
-
|
||||
-#
|
||||
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
-#
|
||||
-SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
|
||||
#
|
||||
@@ -63,12 +58,33 @@ MOTD_FILE /etc/motd
|
||||
# Limit the highest user ID number for which the lastlog entries should
|
||||
@@ -72,12 +73,33 @@ MOTD_FILE /etc/motd
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
@ -69,7 +63,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -84,19 +100,6 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
@@ -93,19 +115,6 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
@ -93,7 +87,7 @@ Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -77,6 +77,7 @@ struct itemdef {
|
||||
@@ -80,6 +80,7 @@ struct itemdef {
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
@ -101,7 +95,7 @@ Index: lib/getdef.c
|
||||
{"CHARACTER_CLASS", NULL},
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
{"CONSOLE_GROUPS", NULL},
|
||||
@@ -85,6 +86,7 @@ static struct itemdef def_table[] = {
|
||||
@@ -88,6 +89,7 @@ static struct itemdef def_table[] = {
|
||||
{"DEFAULT_HOME", NULL},
|
||||
{"ENCRYPT_METHOD", NULL},
|
||||
{"ENV_PATH", NULL},
|
||||
@ -109,7 +103,7 @@ Index: lib/getdef.c
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
|
||||
@@ -98,6 +100,7 @@ static struct itemdef def_table[] = {
|
||||
{"KILLCHAR", NULL},
|
||||
{"LASTLOG_UID_MAX", NULL},
|
||||
{"LOGIN_RETRIES", NULL},
|
||||
|
@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 20 10:36:20 UTC 2020 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers,
|
||||
useradd, userdel, usermod explicitly.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 16 12:54:39 UTC 2020 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- bsc#1160729: Make valid shell check only a warning
|
||||
* Add shadow-4.8-shell-check.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- Update to 4.8:
|
||||
* Initial optional bcrypt support.
|
||||
* Make build/install of 'su' optional.
|
||||
* Fix for vipw not resuming correctly when suspended
|
||||
* Sync password field descriptions in manpages
|
||||
* Check for valid shell argument in useradd
|
||||
* Allow translation of new strings through POTFILES.in
|
||||
* Migrate to itstool for translations
|
||||
* Migrate to new SELinux api
|
||||
* Support --enable-vendordir
|
||||
* pwck: Only check homedir if set and not a system user
|
||||
* Support nonstandard usernames
|
||||
* sget{pw,gr}ent: check for data at EOL
|
||||
* Add YYY-MM-DD support in chage
|
||||
* Fix failing chmod calls for suidubins
|
||||
* Fix --sbindir and --bindir for binary installations
|
||||
* Fix LASTLOG_UID_MAX in login.defs
|
||||
* Fix configure error with dash
|
||||
- Remove because upstreamed:
|
||||
* libeconf.patch
|
||||
* shadow-usermod-variable.patch
|
||||
- Rebase:
|
||||
* shadow-login_defs-unused-by-pam.patch
|
||||
* chkname-regex.patch
|
||||
* shadow-util-linux.patch
|
||||
* shadow-login_defs-comments.patch
|
||||
- Add shadow-4.8-selinux-include.patch
|
||||
See https://github.com/shadow-maint/shadow/pull/200
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 7 09:50:30 CEST 2019 - kukuk@suse.de
|
||||
|
||||
|
34
shadow.spec
34
shadow.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package shadow
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
%endif
|
||||
|
||||
Name: shadow
|
||||
Version: 4.7
|
||||
Version: 4.8
|
||||
Release: 0
|
||||
Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause AND GPL-2.0-or-later
|
||||
@ -61,12 +61,12 @@ Patch7: shadow-4.1.5.1-logmsg.patch
|
||||
Patch13: shadow-login_defs-comments.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
|
||||
Patch14: shadow-login_defs-suse.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch mvetter@suse.com -- https://github.com/shadow-maint/shadow/pull/200
|
||||
Patch15: shadow-4.8-selinux-include.patch
|
||||
# PATCH-FEATURE mvetter@suse.com -- bsc#1160729 https://github.com/shadow-maint/shadow/pull/210
|
||||
Patch16: shadow-4.8-shell-check.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch20: disable_new_audit_function.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbrabec@suse.com -- Fix variable name.
|
||||
Patch21: shadow-usermod-variable.patch
|
||||
# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 kukuk@suse.com -- Add support for a vendor directory and libeconf
|
||||
Patch22: libeconf.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -110,11 +110,11 @@ group accounts.
|
||||
%patch7
|
||||
%patch13
|
||||
%patch14
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch20 -p1
|
||||
%endif
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -312,18 +312,18 @@ done
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newuidmap
|
||||
%{_bindir}/lastlog
|
||||
%{_bindir}/sg
|
||||
%{_sbindir}/groupadd
|
||||
%{_sbindir}/groupdel
|
||||
%{_sbindir}/groupmod
|
||||
%attr(0755,root,root) %{_sbindir}/groupadd
|
||||
%attr(0755,root,root) %{_sbindir}/groupdel
|
||||
%attr(0755,root,root) %{_sbindir}/groupmod
|
||||
%{_sbindir}/grpck
|
||||
%{_sbindir}/pwck
|
||||
%{_sbindir}/useradd
|
||||
%{_sbindir}/userdel
|
||||
%{_sbindir}/usermod
|
||||
%attr(0755,root,root) %{_sbindir}/useradd
|
||||
%attr(0755,root,root) %{_sbindir}/userdel
|
||||
%attr(0755,root,root) %{_sbindir}/usermod
|
||||
%{_sbindir}/pwconv
|
||||
%{_sbindir}/pwunconv
|
||||
%{_sbindir}/chpasswd
|
||||
%{_sbindir}/newusers
|
||||
%attr(0755,root,root) %{_sbindir}/chpasswd
|
||||
%attr(0755,root,root) %{_sbindir}/newusers
|
||||
%{_sbindir}/vipw
|
||||
%{_sbindir}/vigr
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local
|
||||
|
Loading…
Reference in New Issue
Block a user