From 93639b1c7669509068e27c38dc6d0eaaf7045c10c189ea99c722ebd527fcd9c5 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Tue, 17 Dec 2019 12:44:46 +0000 Subject: [PATCH] - Update to 4.8: * Initial optional bcrypt support. * Make build/install of 'su' optional. * Fix for vipw not resuming correctly when suspended * Sync password field descriptions in manpages * Check for valid shell argument in useradd * Allow translation of new strings through POTFILES.in * Migrate to itstool for translations * Migrate to new SELinux api * Support --enable-vendordir * pwck: Only check homedir if set and not a system user * Support nonstandard usernames * sget{pw,gr}ent: check for data at EOL * Add YYY-MM-DD support in chage * Fix failing chmod calls for suidubins * Fix --sbindir and --bindir for binary installations * Fix LASTLOG_UID_MAX in login.defs * Fix configure error with dash - Remove because upstreamed: * libeconf.patch * shadow-usermod-variable.patch - Rebase: * shadow-login_defs-unused-by-pam.patch * chkname-regex.patch * shadow-util-linux.patch * shadow-login_defs-comments.patch - Add shadow-4.8-selinux-include.patch See https://github.com/shadow-maint/shadow/pull/200 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=81 --- chkname-regex.patch | 23 ++++++++++--------- shadow-4.7.tar.xz | 3 --- shadow-4.7.tar.xz.asc | 11 --------- shadow-4.8-selinux-include.patch | 12 ++++++++++ shadow-4.8.tar.xz | 3 +++ shadow-4.8.tar.xz.asc | 11 +++++++++ shadow-login_defs-comments.patch | 23 +++++-------------- shadow-login_defs-unused-by-pam.patch | 25 +++++++++++++-------- shadow-util-linux.patch | 20 ++++++----------- shadow.changes | 32 +++++++++++++++++++++++++++ shadow.spec | 13 +++++------ 11 files changed, 104 insertions(+), 72 deletions(-) delete mode 100644 shadow-4.7.tar.xz delete mode 100644 shadow-4.7.tar.xz.asc create mode 100644 shadow-4.8-selinux-include.patch create mode 100644 shadow-4.8.tar.xz create mode 100644 shadow-4.8.tar.xz.asc 
diff --git a/chkname-regex.patch b/chkname-regex.patch index 9fc4c27..75e7272 100644 --- a/chkname-regex.patch +++ b/chkname-regex.patch @@ -2,7 +2,7 @@ Index: etc/login.defs =================================================================== --- etc/login.defs.orig +++ etc/login.defs -@@ -274,3 +274,11 @@ USERGROUPS_ENAB yes +@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes # missing. # #FORCE_SHADOW yes @@ -18,7 +18,7 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -77,6 +77,7 @@ struct itemdef { +@@ -80,6 +80,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { @@ -30,7 +30,7 @@ Index: libmisc/chkname.c =================================================================== --- libmisc/chkname.c.orig +++ libmisc/chkname.c -@@ -43,30 +43,57 @@ +@@ -43,8 +43,11 @@ #ident "$Id$" #include @@ -40,13 +40,15 @@ Index: libmisc/chkname.c +#include "getdef.h" +#include - static bool is_valid_name (const char *name) - { + int allow_bad_names = false; + +@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n + return true; + } + - /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + const char *class; + regex_t reg; + int result; @@ -79,7 +81,9 @@ Index: libmisc/chkname.c + fprintf (stderr, _("Can't compile regular expression: %s\n"), + buffer); + } */ -+ + +- if (('\0' == *name) || +- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + regfree(®); return false; } @@ -98,7 +102,4 @@ Index: libmisc/chkname.c + return false; } -+ regfree(®); return true; - } - diff --git a/shadow-4.7.tar.xz b/shadow-4.7.tar.xz deleted file mode 100644 index 1b003f5..0000000 --- a/shadow-4.7.tar.xz +++ /dev/null 
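Review bot: In the rebased libmisc/chkname.c hunk (`@@ -54,24 +57,46 @@`), the CHARACTER_CLASS regex check now sits below an early `return true;`. Going by the `int allow_bad_names = false;` context line, that return presumably belongs to the upstream bad-names override, whose condition lies outside the visible lines. If so, an administrator who tightens CHARACTER_CLASS in login.defs gets no enforcement whenever that override is active, and nothing in the patch says so. I would add a comment above the new declarations, `/* CHARACTER_CLASS is not consulted when allow_bad_names is set. */`, and repeat the caveat in the login.defs text that introduces the option. is_valid_name starts before and ends after the lines shown here.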
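Review bot: The last hunk (`@@ -98,7 +102,4 @@`) drops the patch's `regfree(&reg);` line (rendered on this page as `regfree(®)`) that used to precede the final `return true;`. The `return false;` path visible in `@@ -79,7 +81,9 @@` still keeps its `regfree`. As far as the visible lines show, a name that matches now returns without releasing the compiled `regex_t reg`, so I would restore `regfree(&reg);` immediately before `return true;` unless it is released in a part of the patch not shown. Separately, the compile-error report stays inside a comment (the block ending in `} */`), so a malformed CHARACTER_CLASS is presumably rejected with no diagnostic. A one-line `fprintf (stderr, ...)` on that path would help an administrator see why every name is refused.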
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
-size 1624340
diff --git a/shadow-4.7.tar.xz.asc b/shadow-4.7.tar.xz.asc
deleted file mode 100644
index a866b61..0000000
--- a/shadow-4.7.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
-P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
-9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
-JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
-csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
-5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
-EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
-=dbPQ
------END PGP SIGNATURE-----
diff --git a/shadow-4.8-selinux-include.patch b/shadow-4.8-selinux-include.patch
new file mode 100644
index 0000000..17b7d04
--- /dev/null
+++ b/shadow-4.8-selinux-include.patch
@@ -0,0 +1,12 @@
+Index: shadow-4.8/lib/selinux.c
+===================================================================
+--- shadow-4.8.orig/lib/selinux.c
++++ shadow-4.8/lib/selinux.c
+@@ -31,6 +31,7 @@
+
+ #ifdef WITH_SELINUX
+
++#include
+ #include "defines.h"
+
+ #include
diff --git a/shadow-4.8.tar.xz b/shadow-4.8.tar.xz
new file mode 100644
index 0000000..35708d6
--- /dev/null
+++ b/shadow-4.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:64b46683b9c1f35b2cd2da9fa87a1383917666e85a56b35e081c7257d10dac64
+size 1609060
diff --git a/shadow-4.8.tar.xz.asc b/shadow-4.8.tar.xz.asc
new file mode 100644
index 0000000..9fc1018
--- /dev/null
+++ b/shadow-4.8.tar.xz.asc
@@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl3j/d0ACgkQ6f7qBqhe +P5185Qf9E2/IuxNWXdL30l+rA9w5WAIiQ61UHf/Z4HXPaVQnSmjGruHeuCbEDhyF +Lcqqmhfi84CdFSJe3F+0JrpgFQ1wfc+j/n1jPjrtpjtje7cuuwFTTVx8LDL+hULl +ylQKneQdDfX1vZnmcD5Us8YifG+eiTOHsLnk+HpgRekMpr6mIzJm8SkyJiVp8kAO +Rfp60+XlCW4Q0bExQ9Ig4ElEagQTODwQ6xPxM5pHvc/pEvJyH/2fq9BzSfDRMU8q +h9pO3gDgXp0A7hmkBlQVPsG9vXCwNuvrAj4p7TTYqdn03uTTcknFqhoECuQjJ+BM +z2WaKWY2NAn53AWzABsoaPW6t8Y+cg== +=4/Ig +-----END PGP SIGNATURE----- diff --git a/shadow-login_defs-comments.patch b/shadow-login_defs-comments.patch index 31c190e..69ffc76 100644 --- a/shadow-login_defs-comments.patch +++ b/shadow-login_defs-comments.patch @@ -13,7 +13,7 @@ Index: etc/login.defs # # Delay in seconds before being allowed another attempt after a login failure -@@ -32,6 +30,15 @@ CONSOLE /etc/securetty +@@ -47,6 +45,15 @@ CONSOLE /etc/securetty #CONSOLE console:tty01:tty02:tty03:tty04 # @@ -29,7 +29,7 @@ Index: etc/login.defs # If defined, all su(1) activity is logged to this file. # #SULOG_FILE /var/log/sulog -@@ -79,11 +86,14 @@ ENV_PATH /bin:/usr/bin +@@ -94,11 +101,14 @@ ENV_PATH /bin:/usr/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin #ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin @@ -46,7 +46,7 @@ Index: etc/login.defs ALWAYS_SET_PATH no # -@@ -123,6 +133,11 @@ PASS_WARN_AGE 7 +@@ -138,6 +148,11 @@ PASS_WARN_AGE 7 # # Min/max values for automatic uid selection in useradd(8) # @@ -58,7 +58,7 @@ Index: etc/login.defs UID_MIN 1000 UID_MAX 60000 # System accounts -@@ -136,6 +151,11 @@ SUB_UID_COUNT 65536 +@@ -151,6 +166,11 @@ SUB_UID_COUNT 65536 # # Min/max values for automatic gid selection in groupadd(8) # @@ -70,7 +70,7 @@ Index: etc/login.defs GID_MIN 1000 GID_MAX 60000 # System accounts -@@ -165,7 +185,6 @@ LOGIN_TIMEOUT 60 +@@ -180,7 +200,6 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # 
@@ -78,7 +78,7 @@ Index: etc/login.defs # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. -@@ -180,7 +199,6 @@ CHFN_RESTRICT rwh +@@ -195,7 +214,6 @@ CHFN_RESTRICT rwh #MD5_CRYPT_ENAB no # @@ -86,14 +86,3 @@ Index: etc/login.defs # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password -@@ -208,8 +226,8 @@ CHFN_RESTRICT rwh - # If only one of the MIN or MAX values is set, then this value will be used. - # If MIN > MAX, the highest value will be used. - # --# SHA_CRYPT_MIN_ROUNDS 5000 --# SHA_CRYPT_MAX_ROUNDS 5000 -+#SHA_CRYPT_MIN_ROUNDS 5000 -+#SHA_CRYPT_MAX_ROUNDS 5000 - - # - # Should login be allowed if we can't cd to the home directory? diff --git a/shadow-login_defs-unused-by-pam.patch b/shadow-login_defs-unused-by-pam.patch index 4fbae3f..948f797 100644 --- a/shadow-login_defs-unused-by-pam.patch +++ b/shadow-login_defs-unused-by-pam.patch @@ -20,7 +20,7 @@ Index: etc/login.defs # Enable display of unknown usernames when login(1) failures are recorded. # LOG_UNKFAIL_ENAB no -@@ -27,34 +22,6 @@ LOG_UNKFAIL_ENAB no +@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB no LOG_OK_LOGINS no # @@ -29,6 +29,13 @@ Index: etc/login.defs -LASTLOG_ENAB yes - -# + # Limit the highest user ID number for which the lastlog entries should + # be updated. + # +@@ -41,29 +31,6 @@ LASTLOG_ENAB yes + #LASTLOG_UID_MAX + + # -# Enable checking and display of mailbox status upon login. -# -# Disable if the shell startup files already check for mail 
@@ -55,7 +62,7 @@ Index: etc/login.defs # Enable "syslog" logging of su(1) activity - in addition to sulog file logging. # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). # -@@ -82,46 +49,12 @@ MOTD_FILE /etc/motd +@@ -91,46 +58,12 @@ MOTD_FILE /etc/motd #MOTD_FILE /etc/motd:/usr/lib/news/news-motd # @@ -102,7 +109,7 @@ Index: etc/login.defs # If defined, file which inhibits all the usual chatter during the login # sequence. If a full pathname, then hushed mode will be enabled if the # user's name or shell are found in the file. If not a full pathname, then -@@ -131,21 +64,6 @@ HUSHLOGIN_FILE .hushlogin +@@ -140,21 +73,6 @@ HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins # @@ -124,7 +131,7 @@ Index: etc/login.defs # *REQUIRED* The default PATH settings, for superuser and normal users. # # (they are minimal, add the rest in the shell startup files) -@@ -171,17 +89,13 @@ TTYPERM 0600 +@@ -180,17 +98,13 @@ TTYPERM 0600 # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). @@ -142,7 +149,7 @@ Index: etc/login.defs # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -197,28 +111,13 @@ UMASK 022 +@@ -206,28 +120,13 @@ UMASK 022 # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. @@ -171,7 +178,7 @@ Index: etc/login.defs # Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 -@@ -255,28 +154,6 @@ LOGIN_RETRIES 5 +@@ -264,28 +163,6 @@ LOGIN_RETRIES 5 LOGIN_TIMEOUT 60 # @@ -200,7 +207,7 @@ Index: etc/login.defs # Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -285,13 +162,6 @@ CHFN_AUTH yes +@@ -294,13 +171,6 @@ CHFN_AUTH yes CHFN_RESTRICT rwh # 
@@ -214,8 +221,8 @@ Index: etc/login.defs # Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -336,29 +206,12 @@ CHFN_RESTRICT rwh - # SHA_CRYPT_MAX_ROUNDS 5000 +@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh + #BCRYPT_MAX_ROUNDS 13 # -# List of groups to add to the user's supplementary group set diff --git a/shadow-util-linux.patch b/shadow-util-linux.patch index b9dda9f..21dd71c 100644 --- a/shadow-util-linux.patch +++ b/shadow-util-linux.patch @@ -16,7 +16,7 @@ Index: etc/login.defs # # $Id$ # -@@ -17,15 +19,8 @@ FAIL_DELAY 3 +@@ -17,9 +19,8 @@ FAIL_DELAY 3 LOG_UNKFAIL_ENAB no # @@ -24,16 +24,10 @@ Index: etc/login.defs +# Enable "syslog" logging of newgrp(1) and sg(1) activity. # -LOG_OK_LOGINS no -- --# --# Enable "syslog" logging of su(1) activity - in addition to sulog file logging. --# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). --# --SYSLOG_SU_ENAB yes - SYSLOG_SG_ENAB yes # -@@ -63,12 +58,33 @@ MOTD_FILE /etc/motd + # Limit the highest user ID number for which the lastlog entries should +@@ -72,12 +73,33 @@ MOTD_FILE /etc/motd HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins @@ -69,7 +63,7 @@ Index: etc/login.defs # # Terminal permissions -@@ -84,19 +100,6 @@ ENV_PATH PATH=/bin:/usr/bin +@@ -93,19 +115,6 @@ ENV_PATH PATH=/bin:/usr/bin TTYGROUP tty TTYPERM 0600 @@ -93,7 +87,7 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -77,6 +77,7 @@ struct itemdef { +@@ -80,6 +80,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { 
@@ -101,7 +95,7 @@ Index: lib/getdef.c {"CHARACTER_CLASS", NULL}, {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, -@@ -85,6 +86,7 @@ static struct itemdef def_table[] = { +@@ -88,6 +89,7 @@ static struct itemdef def_table[] = { {"DEFAULT_HOME", NULL}, {"ENCRYPT_METHOD", NULL}, {"ENV_PATH", NULL}, @@ -109,7 +103,7 @@ Index: lib/getdef.c {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, -@@ -95,6 +97,7 @@ static struct itemdef def_table[] = { +@@ -98,6 +100,7 @@ static struct itemdef def_table[] = { {"KILLCHAR", NULL}, {"LASTLOG_UID_MAX", NULL}, {"LOGIN_RETRIES", NULL}, diff --git a/shadow.changes b/shadow.changes index f84fbf4..3c12418 100644 --- a/shadow.changes +++ b/shadow.changes 
@@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter + +- Update to 4.8: + * Initial optional bcrypt support. + * Make build/install of 'su' optional. + * Fix for vipw not resuming correctly when suspended + * Sync password field descriptions in manpages + * Check for valid shell argument in useradd + * Allow translation of new strings through POTFILES.in + * Migrate to itstool for translations + * Migrate to new SELinux api + * Support --enable-vendordir + * pwck: Only check homedir if set and not a system user + * Support nonstandard usernames + * sget{pw,gr}ent: check for data at EOL + * Add YYY-MM-DD support in chage + * Fix failing chmod calls for suidubins + * Fix --sbindir and --bindir for binary installations + * Fix LASTLOG_UID_MAX in login.defs + * Fix configure error with dash +- Remove because upstreamed: + * libeconf.patch + * shadow-usermod-variable.patch +- Rebase: + * shadow-login_defs-unused-by-pam.patch + * chkname-regex.patch + * shadow-util-linux.patch + * shadow-login_defs-comments.patch +- Add shadow-4.8-selinux-include.patch + See https://github.com/shadow-maint/shadow/pull/200 + ------------------------------------------------------------------- Mon Oct 7 09:50:30 CEST 2019 - kukuk@suse.de diff --git a/shadow.spec b/shadow.spec index cc03e61..6517210 100644 --- a/shadow.spec +++ b/shadow.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,7 +23,7 @@ %endif Name: shadow -Version: 4.7 +Version: 4.8 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later 
@@ -61,12 +61,10 @@ Patch7: shadow-4.1.5.1-logmsg.patch Patch13: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. Patch14: shadow-login_defs-suse.patch +# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch mvetter@suse.com -- https://github.com/shadow-maint/shadow/pull/200 +Patch15: shadow-4.8-selinux-include.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. Patch20: disable_new_audit_function.patch -# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbrabec@suse.com -- Fix variable name. -Patch21: shadow-usermod-variable.patch -# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 kukuk@suse.com -- Add support for a vendor directory and libeconf -Patch22: libeconf.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -110,11 +108,10 @@ group accounts. %patch7 %patch13 %patch14 +%patch15 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 %endif -%patch21 -p1 -%patch22 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO