From a52384dc013319198ba32b36cdb80b589280cda216b1fb2098110c1e36891394 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Tue, 15 Sep 2020 07:22:16 +0000 Subject: [PATCH] Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. OBS-URL: https://build.opensuse.org/request/show/833343 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90 --- shadow-login_defs-check.sh | 2 +- shadow-login_defs-comments.patch | 28 +++++++++++++++----- shadow-login_defs-suse.patch | 26 +++++++++---------- shadow-util-linux.patch | 44 ++++++++++++++++++++++++++++---- shadow.changes | 13 ++++++++++ shadow.spec | 2 +- 6 files changed, 89 insertions(+), 26 deletions(-) diff --git a/shadow-login_defs-check.sh b/shadow-login_defs-check.sh index 21b74c1..b6dab00 100644 --- a/shadow-login_defs-check.sh +++ b/shadow-login_defs-check.sh @@ -104,7 +104,7 @@ LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-logi echo "Extracting variables from lib/getdef.c..." # Extract variables referenced in lib/getdef.c using current defines. -sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' ../../shadow-login_defs-check-getdef.lst +sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' ../../shadow-login_defs-check-getdef.lst LC_ALL=C sort -u ../../shadow-login_defs-check-getdef.lst >../../shadow-login_defs-check-getdef-sorted.lst echo "Extracting variables from shadow..." diff --git a/shadow-login_defs-comments.patch b/shadow-login_defs-comments.patch index 69ffc76..5c9e4f1 100644 --- a/shadow-login_defs-comments.patch +++ b/shadow-login_defs-comments.patch @@ -13,7 +13,23 @@ Index: etc/login.defs # # Delay in seconds before being allowed another attempt after a login failure -@@ -47,6 +45,15 @@ CONSOLE /etc/securetty +@@ -23,15 +21,6 @@ LOG_UNKFAIL_ENAB no + # + + # +-# Limit the highest user ID number for which the lastlog entries should +-# be updated. +-# +-# No LASTLOG_UID_MAX means that there is no user ID limit for writing +-# lastlog entries. +-# +-#LASTLOG_UID_MAX +- +-# + # Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition + # to sulog file logging. + # +@@ -46,6 +35,15 @@ CONSOLE /etc/securetty #CONSOLE console:tty01:tty02:tty03:tty04 # @@ -29,7 +45,7 @@ Index: etc/login.defs # If defined, all su(1) activity is logged to this file. # #SULOG_FILE /var/log/sulog -@@ -94,11 +101,14 @@ ENV_PATH /bin:/usr/bin +@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin #ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin @@ -46,7 +62,7 @@ Index: etc/login.defs ALWAYS_SET_PATH no # -@@ -138,6 +148,11 @@ PASS_WARN_AGE 7 +@@ -148,6 +149,11 @@ PASS_WARN_AGE 7 # # Min/max values for automatic uid selection in useradd(8) # @@ -58,7 +74,7 @@ Index: etc/login.defs UID_MIN 1000 UID_MAX 60000 # System accounts -@@ -151,6 +166,11 @@ SUB_UID_COUNT 65536 +@@ -161,6 +167,11 @@ SUB_UID_COUNT 65536 # # Min/max values for automatic gid selection in groupadd(8) # @@ -70,7 +86,7 @@ Index: etc/login.defs GID_MIN 1000 GID_MAX 60000 # System accounts -@@ -180,7 +200,6 @@ LOGIN_TIMEOUT 60 +@@ -190,7 +201,6 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # @@ -78,7 +94,7 @@ Index: etc/login.defs # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. -@@ -195,7 +214,6 @@ CHFN_RESTRICT rwh +@@ -205,7 +215,6 @@ CHFN_RESTRICT rwh #MD5_CRYPT_ENAB no # diff --git a/shadow-login_defs-suse.patch b/shadow-login_defs-suse.patch index 1ef095b..db3c694 100644 --- a/shadow-login_defs-suse.patch +++ b/shadow-login_defs-suse.patch @@ -14,7 +14,7 @@ Index: etc/login.defs # # Delay in seconds before being allowed another attempt after a login failure -@@ -47,8 +50,7 @@ CONSOLE /etc/securetty +@@ -62,8 +65,7 @@ CONSOLE /etc/securetty # If defined, ":" delimited list of "message of the day" files to # be displayed upon login. # @@ -23,8 +23,8 @@ Index: etc/login.defs +#MOTD_FILE /etc/motd:/usr/share/misc/motd # - # If defined, file which maps tty line to TERM environment parameter. -@@ -62,8 +64,8 @@ MOTD_FILE /etc/motd + # If set to "yes", login stops display content specified by MOTD_FILE after +@@ -83,8 +85,8 @@ MOTD_FILE /etc/motd # user's name or shell are found in the file. If not a full pathname, then # hushed mode will be enabled if the file exists in the user's home directory. # @@ -35,7 +35,7 @@ Index: etc/login.defs # If this variable is set to "yes", hostname will be suppressed in the # login: prompt. -@@ -82,9 +84,9 @@ HUSHLOGIN_FILE .hushlogin +@@ -103,9 +105,9 @@ HUSHLOGIN_FILE .hushlogin # ENV_SUPATH is an ENV_ROOTPATH override for su and runuser # (and falback for login). # @@ -48,7 +48,7 @@ Index: etc/login.defs # If this variable is set to "yes" (default is "no"), su will always set # path. every su call will overwrite the PATH variable. -@@ -94,7 +96,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b +@@ -115,7 +117,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b # The recommended value is "yes". The default "no" behavior could have # a security implication in applications that use commands without path. # @@ -57,7 +57,7 @@ Index: etc/login.defs # # Terminal permissions -@@ -108,7 +110,7 @@ ALWAYS_SET_PATH no +@@ -129,7 +131,7 @@ ALWAYS_SET_PATH no # set TTYPERM to either 622 or 600. # TTYGROUP tty @@ -66,7 +66,7 @@ Index: etc/login.defs # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -141,8 +143,8 @@ PASS_WARN_AGE 7 +@@ -167,8 +169,8 @@ PASS_WARN_AGE 7 UID_MIN 1000 UID_MAX 60000 # System accounts @@ -77,7 +77,7 @@ Index: etc/login.defs # Extra per user uids SUB_UID_MIN 100000 SUB_UID_MAX 600100000 -@@ -159,8 +161,8 @@ SUB_UID_COUNT 65536 +@@ -185,8 +187,8 @@ SUB_UID_COUNT 65536 GID_MIN 1000 GID_MAX 60000 # System accounts @@ -88,7 +88,7 @@ Index: etc/login.defs # Extra per user group ids SUB_GID_MIN 100000 SUB_GID_MAX 600100000 -@@ -169,7 +171,7 @@ SUB_GID_COUNT 65536 +@@ -195,7 +197,7 @@ SUB_GID_COUNT 65536 # # Max number of login(1) retries if password is bad # @@ -97,7 +97,7 @@ Index: etc/login.defs # # Max time in seconds for login(1) -@@ -185,18 +187,9 @@ LOGIN_TIMEOUT 60 +@@ -211,18 +213,9 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # @@ -118,7 +118,7 @@ Index: etc/login.defs # # If set to MD5, MD5-based algorithm will be used for encrypting password -@@ -210,7 +203,7 @@ CHFN_RESTRICT rwh +@@ -235,7 +228,7 @@ CHFN_RESTRICT rwh # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # @@ -127,7 +127,7 @@ Index: etc/login.defs # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -@@ -268,7 +261,7 @@ USERDEL_POSTCMD /usr/sbin/userde +@@ -311,7 +304,7 @@ USERDEL_POSTCMD /usr/sbin/userde # # This also enables userdel(8) to remove user groups if no members exist. # @@ -136,7 +136,7 @@ Index: etc/login.defs # # If set to a non-zero number, the shadow utilities will make sure that -@@ -291,13 +284,13 @@ USERGROUPS_ENAB yes +@@ -330,13 +323,13 @@ USERGROUPS_ENAB yes # This option is overridden with the -M or -m flags on the useradd(8) # command-line. # diff --git a/shadow-util-linux.patch b/shadow-util-linux.patch index 21dd71c..237f758 100644 --- a/shadow-util-linux.patch +++ b/shadow-util-linux.patch @@ -27,7 +27,33 @@ Index: etc/login.defs # # Limit the highest user ID number for which the lastlog entries should -@@ -72,12 +73,33 @@ MOTD_FILE /etc/motd +@@ -31,10 +32,9 @@ LOG_OK_LOGINS no + #LASTLOG_UID_MAX + + # +-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging. +-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). ++# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition ++# to sulog file logging. + # +-SYSLOG_SU_ENAB yes + SYSLOG_SG_ENAB yes + + # +@@ -58,6 +58,12 @@ MOTD_FILE /etc/motd + #MOTD_FILE /etc/motd:/usr/lib/news/news-motd + + # ++# If set to "yes", login stops display content specified by MOTD_FILE after ++# the first accessible item in the list. ++# ++#MOTD_FIRSTONLY no ++ ++# + # If defined, file which maps tty line to TERM environment parameter. + # Each line of the file is in a format similar to "vt100 tty01". + # +@@ -72,12 +78,33 @@ MOTD_FILE /etc/motd HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins @@ -63,7 +89,7 @@ Index: etc/login.defs # # Terminal permissions -@@ -93,19 +115,6 @@ ENV_PATH PATH=/bin:/usr/bin +@@ -93,19 +120,6 @@ ENV_PATH PATH=/bin:/usr/bin TTYGROUP tty TTYPERM 0600 @@ -87,7 +113,15 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -80,6 +80,7 @@ struct itemdef { +@@ -66,6 +66,7 @@ struct itemdef { + {"LOGIN_STRING", NULL}, \ + {"MAIL_CHECK_ENAB", NULL}, \ + {"MOTD_FILE", NULL}, \ ++ {"MOTD_FIRSTONLY", NULL}, \ + {"NOLOGINS_FILE", NULL}, \ + {"OBSCURE_CHECKS_ENAB", NULL}, \ + {"PASS_ALWAYS_WARN", NULL}, \ +@@ -80,6 +81,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { @@ -95,7 +129,7 @@ Index: lib/getdef.c {"CHARACTER_CLASS", NULL}, {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, -@@ -88,6 +89,7 @@ static struct itemdef def_table[] = { +@@ -88,6 +90,7 @@ static struct itemdef def_table[] = { {"DEFAULT_HOME", NULL}, {"ENCRYPT_METHOD", NULL}, {"ENV_PATH", NULL}, @@ -103,7 +137,7 @@ Index: lib/getdef.c {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, -@@ -98,6 +100,7 @@ static struct itemdef def_table[] = { +@@ -99,6 +102,7 @@ static struct itemdef def_table[] = { {"KILLCHAR", NULL}, {"LASTLOG_UID_MAX", NULL}, {"LOGIN_RETRIES", NULL}, diff --git a/shadow.changes b/shadow.changes index 62c706d..9e19dfa 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Sep 8 00:56:37 UTC 2020 - Stanislav Brabec + +- login.defs: Add support for new util-linux-2.36 login variable + MOTD_FIRSTONLY (shadow-util-linux.patch). +- shadow-login_defs-comments.patch: Remove duplicated + LASTLOG_UID_MAX. +- shadow-login_defs-check.sh: Update for new build system. +- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is + not used in SUSE Linux. +- Refresh shadow-login_defs-suse.patch and + shadow-login_defs-comments.patch. + ------------------------------------------------------------------- Fri May 22 11:21:15 UTC 2020 - Fabian Vogt diff --git a/shadow.spec b/shadow.spec index 9c73f09..32c2ea8 100644 --- a/shadow.spec +++ b/shadow.spec @@ -86,7 +86,7 @@ Obsoletes: pwdutils <= 3.2.19 # encryption_method_nis.patch has to be ported! # Call shadow-login_defs-check.sh before! Provides: login_defs-support-for-pam = 1.3.1 -Provides: login_defs-support-for-util-linux = 2.33.1 +Provides: login_defs-support-for-util-linux = 2.36 Provides: useradd_or_adduser_dep %description