diff options
Diffstat (limited to 'debian/patches')
23 files changed, 19 insertions, 1588 deletions
diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP deleted file mode 100644 index b2851cc..0000000 --- a/debian/patches/008_login_log_failure_in_FTMP +++ /dev/null @@ -1,51 +0,0 @@ -Goal: Log login failures to the btmp file - -Notes: - * I'm not sure login should add an entry in the FTMP file when PAM is used. - (but nothing in /etc/login.defs indicates that the failure is not logged) - ---- a/src/login.c -+++ b/src/login.c -@@ -835,6 +835,24 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if (getdef_str("FTMP_FILE") != NULL) { -+#ifdef USE_UTMPX -+ struct utmpx *failent = -+ prepare_utmpx (failent_user, -+ tty, -+ /* FIXME: or fromhost? */hostname, -+ utent); -+#else /* !USE_UTMPX */ -+ struct utmp *failent = -+ prepare_utmp (failent_user, -+ tty, -+ hostname, -+ utent); -+#endif /* !USE_UTMPX */ -+ failtmp (failent_user, failent); -+ free (failent); -+ } -+ - if (failcount >= retries) { - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -62,6 +62,7 @@ - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, - {"FAKE_SHELL", NULL}, -+ {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, - {"GID_MIN", NULL}, - {"HUSHLOGIN_FILE", NULL}, -@@ -103,7 +104,6 @@ - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, - {"FAILLOG_ENAB", NULL}, -- {"FTMP_FILE", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/401_cppw_src.dpatch deleted file mode 100644 index 687f9e9..0000000 --- a/debian/patches/401_cppw_src.dpatch +++ /dev/null @@ -1,276 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Add cppw / cpgr - -@DPATCH@ ---- /dev/null -+++ b/src/cppw.c -@@ -0,0 +1,238 @@ -+/* -+ cppw, cpgr copy with locking given file over the password or group file -+ with -s will copy with locking given file over shadow or gshadow file -+ -+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net> -+ -+ Based on vipw, vigr by: -+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu> -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, but -+ WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+ -+ */ -+ -+#include <config.h> -+#include "defines.h" -+ -+#include <errno.h> -+#include <sys/stat.h> -+#include <unistd.h> -+#include <stdio.h> -+#include <stdlib.h> -+#include <sys/types.h> -+#include <signal.h> -+#include <utime.h> -+#include "exitcodes.h" -+#include "prototypes.h" -+#include "pwio.h" -+#include "shadowio.h" -+#include "groupio.h" -+#include "sgroupio.h" -+ -+ -+const char *Prog; -+ -+const char *filename, *filenewname; -+static bool filelocked = false; -+static int (*unlock) (void); -+ -+/* local function prototypes */ -+static int create_copy (FILE *fp, const char *dest, struct stat *sb); -+static void cppwexit (const char *msg, int syserr, int ret); -+static void cppwcopy (const char *file, -+ const char *in_file, -+ int (*file_lock) (void), -+ int (*file_unlock) (void)); -+ -+static int create_copy (FILE *fp, const char *dest, struct stat *sb) -+{ -+ struct utimbuf ub; -+ FILE *bkfp; -+ int c; -+ mode_t mask; -+ -+ mask = umask (077); -+ bkfp = fopen (dest, "w"); -+ (void) umask (mask); -+ if (NULL == bkfp) { -+ return -1; -+ } -+ -+ rewind (fp); -+ while ((c = getc (fp)) != EOF) { -+ if (putc (c, bkfp) == EOF) { -+ break; -+ } -+ } -+ -+ if ( (c != EOF) -+ || (fflush (bkfp) != 0)) { -+ (void) fclose (bkfp); -+ (void) unlink (dest); -+ return -1; -+ } -+ if ( (fsync (fileno (bkfp)) != 0) -+ || (fclose (bkfp) != 0)) { -+ (void) unlink (dest); -+ return -1; -+ } -+ -+ ub.actime = sb->st_atime; -+ ub.modtime = sb->st_mtime; -+ if ( (utime (dest, &ub) != 0) -+ || (chmod (dest, sb->st_mode) != 0) -+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) { -+ (void) unlink (dest); -+ return -1; -+ } -+ return 0; -+} -+ -+static void cppwexit (const char *msg, int syserr, int ret) -+{ -+ int err = errno; -+ if (filelocked) { -+ (*unlock) (); -+ } -+ if (NULL != msg) { -+ fprintf (stderr, "%s: %s", Prog, msg); -+ if (0 != syserr) { -+ fprintf (stderr, ": %s", strerror (err)); -+ } -+ (void) fputs ("\n", stderr); -+ } -+ if (NULL != filename) { -+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename); -+ } else { -+ fprintf (stderr, _("%s: no changes\n"), Prog); -+ } -+ -+ exit (ret); -+} -+ -+static void cppwcopy (const char *file, -+ const char *in_file, -+ int (*file_lock) (void), -+ int (*file_unlock) (void)) -+{ -+ struct stat st1; -+ FILE *f; -+ char filenew[1024]; -+ -+ snprintf (filenew, sizeof filenew, "%s.new", file); -+ unlock = file_unlock; -+ filename = file; -+ filenewname = filenew; -+ -+ if (access (file, F_OK) != 0) { -+ cppwexit (file, 1, 1); -+ } -+ if (file_lock () == 0) { -+ cppwexit (_("Couldn't lock file"), 0, 5); -+ } -+ filelocked = true; -+ -+ /* file to copy has same owners, perm */ -+ if (stat (file, &st1) != 0) { -+ cppwexit (file, 1, 1); -+ } -+ f = fopen (in_file, "r"); -+ if (NULL == f) { -+ cppwexit (in_file, 1, 1); -+ } -+ if (create_copy (f, filenew, &st1) != 0) { -+ cppwexit (_("Couldn't make copy"), errno, 1); -+ } -+ -+ /* XXX - here we should check filenew for errors; if there are any, -+ * fail w/ an appropriate error code and let the user manually fix -+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly -+ * stolen from '--marekm's comment) */ -+ -+ if (rename (filenew, file) != 0) { -+ fprintf (stderr, _("%s: can't copy %s: %s)\n"), -+ Prog, filenew, strerror (errno)); -+ cppwexit (NULL,0,1); -+ } -+ -+ (*file_unlock) (); -+} -+ -+int main (int argc, char **argv) -+{ -+ int flag; -+ bool cpshadow = false; -+ char *in_file; -+ int e = E_USAGE; -+ bool do_cppw = true; -+ -+ (void) setlocale (LC_ALL, ""); -+ (void) bindtextdomain (PACKAGE, LOCALEDIR); -+ (void) textdomain (PACKAGE); -+ -+ Prog = Basename (argv[0]); -+ if (strcmp (Prog, "cpgr") == 0) { -+ do_cppw = false; -+ } -+ -+ while ((flag = getopt (argc, argv, "ghps")) != EOF) { -+ switch (flag) { -+ case 'p': -+ do_cppw = true; -+ break; -+ case 'g': -+ do_cppw = false; -+ break; -+ case 's': -+ cpshadow = true; -+ break; -+ case 'h': -+ e = E_SUCCESS; -+ /*pass through*/ -+ default: -+ (void) fputs (_("Usage:\n\ -+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\ -+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\ -+"), (E_SUCCESS != e) ? stderr : stdout); -+ exit (e); -+ } -+ } -+ -+ if (argc != optind + 1) { -+ cppwexit (_("wrong number of arguments, -h for usage"),0,1); -+ } -+ -+ in_file = argv[optind]; -+ -+ if (do_cppw) { -+ if (cpshadow) { -+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock); -+ } else { -+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock); -+ } -+ } else { -+#ifdef SHADOWGRP -+ if (cpshadow) { -+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock); -+ } else -+#endif /* SHADOWGRP */ -+ { -+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock); -+ } -+ } -+ -+ return 0; -+} -+ ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -26,6 +26,7 @@ - sbin_PROGRAMS = nologin - ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd - usbin_PROGRAMS = \ -+ cppw \ - chgpasswd \ - chpasswd \ - groupadd \ -@@ -82,6 +83,7 @@ - chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) -+cppw_LDADD = $(LDADD) $(LIBSELINUX) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -85,6 +85,7 @@ - src/chgpasswd.c - src/chpasswd.c - src/chsh.c -+src/cppw.c - src/expiry.c - src/faillog.c - src/gpasswd.c diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux deleted file mode 100644 index b92767f..0000000 --- a/debian/patches/402_cppw_selinux +++ /dev/null @@ -1,62 +0,0 @@ -Goal: Add selinux support to cppw - -Fix: - -Status wrt upstream: cppw is not available upstream. - The patch was made based on the - 302_vim_selinux_support patch. It needs to be - reviewed by an SE-Linux aware person. - -Depends on 401_cppw_src.dpatch - ---- a/src/cppw.c -+++ b/src/cppw.c -@@ -34,6 +34,9 @@ - #include <sys/types.h> - #include <signal.h> - #include <utime.h> -+#ifdef WITH_SELINUX -+#include <selinux/selinux.h> -+#endif /* WITH_SELINUX */ - #include "exitcodes.h" - #include "prototypes.h" - #include "pwio.h" -@@ -139,6 +142,22 @@ - if (access (file, F_OK) != 0) { - cppwexit (file, 1, 1); - } -+#ifdef WITH_SELINUX -+ /* if SE Linux is enabled then set the context of all new files -+ * to be the context of the file we are editing */ -+ if (is_selinux_enabled () > 0) { -+ security_context_t passwd_context=NULL; -+ int ret = 0; -+ if (getfilecon (file, &passwd_context) < 0) { -+ cppwexit (_("Couldn't get file context"), errno, 1); -+ } -+ ret = setfscreatecon (passwd_context); -+ freecon (passwd_context); -+ if (0 != ret) { -+ cppwexit (_("setfscreatecon () failed"), errno, 1); -+ } -+ } -+#endif /* WITH_SELINUX */ - if (file_lock () == 0) { - cppwexit (_("Couldn't lock file"), 0, 5); - } -@@ -167,6 +186,15 @@ - cppwexit (NULL,0,1); - } - -+#ifdef WITH_SELINUX -+ /* unset the fscreatecon */ -+ if (is_selinux_enabled () > 0) { -+ if (setfscreatecon (NULL)) { -+ cppwexit (_("setfscreatecon() failed"), errno, 1); -+ } -+ } -+#endif /* WITH_SELINUX */ -+ - (*file_unlock) (); - } - diff --git a/debian/patches/428_grpck_add_prune_option b/debian/patches/428_grpck_add_prune_option deleted file mode 100644 index e71f142..0000000 --- a/debian/patches/428_grpck_add_prune_option +++ /dev/null @@ -1,26 +0,0 @@ -Goal: grpck now has an (otherwise undocumented) -p option, so that - shadowconfig can clean up the results of the above, so the config - script will fail randomly less often. -Fixes: #103385 - -Status wrt upstream: It could certainly be submitted to upstream. - ---- a/src/grpck.c -+++ b/src/grpck.c -@@ -81,6 +81,7 @@ - /* Options */ - static bool read_only = false; - static bool sort_mode = false; -+static bool prune = false; - - /* local function prototypes */ - static void fail_exit (int status); -@@ -203,7 +204,7 @@ - /* - * Parse the command line arguments - */ -- while ((c = getopt_long (argc, argv, "hqrR:s", -+ while ((c = getopt_long (argc, argv, "hqprR:s", - long_options, NULL)) != -1) { - switch (c) { - case 'h': diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB deleted file mode 100644 index 57a6d15..0000000 --- a/debian/patches/429_login_FAILLOG_ENAB +++ /dev/null @@ -1,92 +0,0 @@ -Goal: Re-enable logging and displaying failures on login when login is - compiled with PAM and when FAILLOG_ENAB is set to yes. And create the - faillog file if it does not exist on postinst (as on Woody). -Depends: 008_login_more_LOG_UNKFAIL_ENAB -Fixes: #192849 - -Note: It could be removed if pam_tally could report the number of failures - preceding a successful login. - ---- a/src/login.c -+++ b/src/login.c -@@ -133,9 +133,9 @@ - /*@null@*/const struct utmp *utent); - #endif /* ! USE_PAM */ - --#ifndef USE_PAM - static struct faillog faillog; - -+#ifndef USE_PAM - static void bad_time_notify (void); - static void check_nologin (bool login_to_root); - #else -@@ -795,6 +795,9 @@ - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", - failcount, fromhost, failent_user)); -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } - fprintf (stderr, - _("Maximum number of tries exceeded (%u)\n"), - failcount); -@@ -812,6 +815,14 @@ - pam_strerror (pamh, retcode))); - failed = true; - } -+ if ( (NULL != pwd) -+ && getdef_bool("FAILLOG_ENAB") -+ && ! failcheck (pwd->pw_uid, &faillog, failed)) { -+ SYSLOG((LOG_CRIT, -+ "exceeded failure limit for `%s' %s", -+ failent_user, fromhost)); -+ failed = 1; -+ } - - if (!failed) { - break; -@@ -835,6 +846,10 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } -+ - if (getdef_str("FTMP_FILE") != NULL) { - #ifdef USE_UTMPX - struct utmpx *failent = -@@ -1291,6 +1306,7 @@ - */ - #ifndef USE_PAM - motd (); /* print the message of the day */ -+#endif - if ( getdef_bool ("FAILLOG_ENAB") - && (0 != faillog.fail_cnt)) { - failprint (&faillog); -@@ -1303,6 +1319,7 @@ - username, (int) faillog.fail_cnt)); - } - } -+#ifndef USE_PAM - if ( getdef_bool ("LASTLOG_ENAB") - && (ll.ll_time != 0)) { - time_t ll_time = ll.ll_time; ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -61,6 +61,7 @@ - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, -+ {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, -@@ -103,7 +104,6 @@ - {"ENV_HZ", NULL}, - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, -- {"FAILLOG_ENAB", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/463_login_delay_obeys_to_PAM deleted file mode 100644 index 26285ea..0000000 --- a/debian/patches/463_login_delay_obeys_to_PAM +++ /dev/null @@ -1,105 +0,0 @@ -Goal: Do not hardcode pam_fail_delay and let pam_unix do its - job to set a delay...or not - -Fixes: #87648 - -Status wrt upstream: Forwarded but not applied yet - -Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs - ---- a/src/login.c -+++ b/src/login.c -@@ -529,7 +529,6 @@ - #if defined(HAVE_STRFTIME) && !defined(USE_PAM) - char ptime[80]; - #endif -- unsigned int delay; - unsigned int retries; - bool subroot = false; - #ifndef USE_PAM -@@ -549,6 +548,7 @@ - pid_t child; - char *pam_user = NULL; - #else -+ unsigned int delay; - struct spwd *spwd = NULL; - #endif - /* -@@ -709,7 +709,6 @@ - } - - environ = newenvp; /* make new environment active */ -- delay = getdef_unum ("FAIL_DELAY", 1); - retries = getdef_unum ("LOGIN_RETRIES", RETRIES); - - #ifdef USE_PAM -@@ -725,8 +724,7 @@ - - /* - * hostname & tty are either set to NULL or their correct values, -- * depending on how much we know. We also set PAM's fail delay to -- * ours. -+ * depending on how much we know. - * - * PAM_RHOST and PAM_TTY are used for authentication, only use - * information coming from login or from the caller (e.g. no utmp) -@@ -735,10 +733,6 @@ - PAM_FAIL_CHECK; - retcode = pam_set_item (pamh, PAM_TTY, tty); - PAM_FAIL_CHECK; --#ifdef HAS_PAM_FAIL_DELAY -- retcode = pam_fail_delay (pamh, 1000000 * delay); -- PAM_FAIL_CHECK; --#endif - /* if fflg, then the user has already been authenticated */ - if (!fflg) { - unsigned int failcount = 0; -@@ -779,12 +773,6 @@ - bool failed = false; - - failcount++; --#ifdef HAS_PAM_FAIL_DELAY -- if (delay > 0) { -- retcode = pam_fail_delay(pamh, 1000000*delay); -- PAM_FAIL_CHECK; -- } --#endif - - retcode = pam_authenticate (pamh, 0); - -@@ -1107,14 +1095,17 @@ - free (username); - username = NULL; - -+#ifndef USE_PAM - /* - * Wait a while (a la SVR4 /usr/bin/login) before attempting - * to login the user again. If the earlier alarm occurs - * before the sleep() below completes, login will exit. - */ -+ delay = getdef_unum ("FAIL_DELAY", 1); - if (delay > 0) { - (void) sleep (delay); - } -+#endif - - (void) puts (_("Login incorrect")); - ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -60,7 +60,6 @@ - {"ENV_PATH", NULL}, - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, -- {"FAIL_DELAY", NULL}, - {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, -@@ -104,6 +103,7 @@ - {"ENV_HZ", NULL}, - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, -+ {"FAIL_DELAY", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow deleted file mode 100644 index 436d48f..0000000 --- a/debian/patches/501_commonio_group_shadow +++ /dev/null @@ -1,37 +0,0 @@ -Goal: save the [g]shadow files with the 'shadow' group and mode 0440 - -Fixes: #166793 - ---- a/lib/commonio.c -+++ b/lib/commonio.c -@@ -44,6 +44,7 @@ - #include <errno.h> - #include <stdio.h> - #include <signal.h> -+#include <grp.h> - #include "nscd.h" - #ifdef WITH_TCB - #include <tcb.h> -@@ -966,13 +967,20 @@ - goto fail; - } - } else { -+ struct group *grp; - /* - * Default permissions for new [g]shadow files. - * (passwd and group always exist...) - */ -- sb.st_mode = 0400; -+ sb.st_mode = 0440; - sb.st_uid = 0; -- sb.st_gid = 0; -+ /* -+ * Try to retrieve the shadow's GID, and fall back to GID 0. -+ */ -+ if ((grp = getgrnam("shadow")) != NULL) -+ sb.st_gid = grp->gr_gid; -+ else -+ sb.st_gid = 0; - } - - snprintf (buf, sizeof buf, "%s+", db->filename); diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/503_shadowconfig.8 deleted file mode 100644 index 9d78adf..0000000 --- a/debian/patches/503_shadowconfig.8 +++ /dev/null @@ -1,191 +0,0 @@ -Goal: Document the shadowconfig utility - -Status wrt upstream: The shadowconfig utility is debian specific. - Its man page also (but it used to be distributed) - ---- /dev/null -+++ b/man/shadowconfig.8 -@@ -0,0 +1,41 @@ -+.\"Generated by db2man.xsl. Don't modify this, modify the source. -+.de Sh \" Subsection -+.br -+.if t .Sp -+.ne 5 -+.PP -+\fB\\$1\fR -+.PP -+.. -+.de Sp \" Vertical space (when we can't use .PP) -+.if t .sp .5v -+.if n .sp -+.. -+.de Ip \" List item -+.br -+.ie \\n(.$>=3 .ne \\$3 -+.el .ne 3 -+.IP "\\$1" \\$2 -+.. -+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" "" -+.SH NAME -+shadowconfig \- toggle shadow passwords on and off -+.SH "SYNOPSIS" -+.ad l -+.hy 0 -+.HP 13 -+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR -+.ad -+.hy -+ -+.SH "DESCRIPTION" -+ -+.PP -+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&. -+ -+.PP -+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&. -+ -+.PP -+Note that turning shadow passwords off and on again will lose all password aging information\&. -+ ---- /dev/null -+++ b/man/shadowconfig.8.xml -@@ -0,0 +1,52 @@ -+<?xml version="1.0" encoding="UTF-8"?> -+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> -+<refentry id='shadowconfig.8'> -+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ --> -+ <refentryinfo> -+ <date>19 Apr 1997</date> -+ </refentryinfo> -+ <refmeta> -+ <refentrytitle>shadowconfig</refentrytitle> -+ <manvolnum>8</manvolnum> -+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo> -+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo> -+ </refmeta> -+ <refnamediv id='name'> -+ <refname>shadowconfig</refname> -+ <refpurpose>toggle shadow passwords on and off</refpurpose> -+ </refnamediv> -+ -+ <refsynopsisdiv id='synopsis'> -+ <cmdsynopsis> -+ <command>shadowconfig</command> -+ <group choice='plain'> -+ <arg choice='plain'><replaceable>on</replaceable></arg> -+ <arg choice='plain'><replaceable>off</replaceable></arg> -+ </group> -+ </cmdsynopsis> -+ </refsynopsisdiv> -+ -+ <refsect1 id='description'> -+ <title>DESCRIPTION</title> -+ <para><command>shadowconfig</command> on will turn shadow passwords on; -+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow -+ passwords off. <command>shadowconfig</command> will print an error -+ message and exit with a nonzero code if it finds anything awry. If -+ that happens, you should correct the error and run it again. Turning -+ shadow passwords on when they are already on, or off when they are -+ already off, is harmless. -+ </para> -+ -+ <para> -+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a -+ brief introduction -+ to shadow passwords and related features. -+ </para> -+ -+ <para>Note that turning shadow passwords off and on again will lose all -+ password -+ aging information. -+ </para> -+ </refsect1> -+</refentry> ---- /dev/null -+++ b/man/fr/shadowconfig.8 -@@ -0,0 +1,26 @@ -+.\" This file was generated with po4a. Translate the source file. -+.\" -+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $ -+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux" -+.SH NOM -+shadowconfig \- active ou désactive les mots de passe cachés -+.SH SYNOPSIS -+\fBshadowconfig\fP \fIon\fP | \fIoff\fP -+.SH DESCRIPTION -+.PP -+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message -+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre -+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant -+de recommencer. -+ -+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les -+désactiver lorsqu'ils ne sont pas actifs est sans effet. -+ -+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux -+mots de passe cachés et à leurs fonctionnalités. -+ -+Notez que désactiver puis réactiver les mots de passe cachés aura pour -+conséquence la perte des informations d'âge sur les mots de passe. -+.SH TRADUCTION -+Nicolas FRANÇOIS, 2004. -+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. ---- /dev/null -+++ b/man/ja/shadowconfig.8 -@@ -0,0 +1,25 @@ -+.\" all right reserved, -+.\" Translated Tue Oct 30 11:59:11 JST 2001 -+.\" by Maki KURODA <mkuroda@aisys-jp.com> -+.\" -+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux" -+.SH 名前 -+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える -+.SH 書式 -+.B "shadowconfig" -+.IR on " | " off -+.SH 説明 -+.PP -+.B shadowconfig on -+は shadow パスワードを有効にする。 -+.B shadowconfig off -+は shadow パスワードを無効にする。 -+.B shadowconfig -+は何らかの間違いがあると、エラーメッセージを表示し、 -+ゼロではない返り値を返す。 -+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。 -+shadow パスワードの設定がすでにオンの場合にオンに設定したり、 -+すでにオフの場合にオフに設定しても、何の影響もない。 -+ -+.I /usr/share/doc/passwd/README.debian.gz -+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 ---- /dev/null -+++ b/man/pl/shadowconfig.8 -@@ -0,0 +1,27 @@ -+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ -+.\" {PTM/WK/1999-09-14} -+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux" -+.SH NAZWA -+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow -+.SH SKŁADNIA -+.B "shadowconfig" -+.IR on " | " off -+.SH OPIS -+.PP -+.B shadowconfig on -+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow); -+.B shadowconfig off -+wyłącza dodatkowe pliki haseł i grup. -+.B shadowconfig -+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli -+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd -+.\" if it finds anything awry. -+i uruchomić program ponownie. -+ -+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie, -+gdy jest wyłączona jest nieszkodliwe. -+ -+Przeczytaj -+.IR /usr/share/doc/passwd/README.debian.gz , -+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych -+plików haseł przesłanianych (shadow passwords) i związanych tematów. diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/505_useradd_recommend_adduser deleted file mode 100644 index c5c3587..0000000 --- a/debian/patches/505_useradd_recommend_adduser +++ /dev/null @@ -1,36 +0,0 @@ -Goal: Recommend using adduser and deluser. - -Fixes: #406046 - -Status wrt upstream: Debian specific patch. - ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -84,6 +84,12 @@ - <refsect1 id='description'> - <title>DESCRIPTION</title> - <para> -+ <command>useradd</command> is a low level utility for adding -+ users. On Debian, administrators should usually use -+ <citerefentry><refentrytitle>adduser</refentrytitle> -+ <manvolnum>8</manvolnum></citerefentry> instead. -+ </para> -+ <para> - When invoked without the <option>-D</option> option, the - <command>useradd</command> command creates a new user account using - the values specified on the command line plus the default values from ---- a/man/userdel.8.xml -+++ b/man/userdel.8.xml -@@ -64,6 +64,12 @@ - <refsect1 id='description'> - <title>DESCRIPTION</title> - <para> -+ <command>userdel</command> is a low level utility for removing -+ users. On Debian, administrators should usually use -+ <citerefentry><refentrytitle>deluser</refentrytitle> -+ <manvolnum>8</manvolnum></citerefentry> instead. -+ </para> -+ <para> - The <command>userdel</command> command modifies the system account - files, deleting all entries that refer to the user name <emphasis - remap='I'>LOGIN</emphasis>. The named user must exist. diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames deleted file mode 100644 index bdf3961..0000000 --- a/debian/patches/506_relaxed_usernames +++ /dev/null @@ -1,100 +0,0 @@ -Goal: Relaxed usernames/groupnames checking patch. - -Status wrt upstream: Debian specific. Not to be used upstream - -Details: - Allows any non-empty user/grounames that don't contain ':', ',' or '\n' - characters and don't start with '-', '+', or '~'. This patch is more - restrictive than original Karl's version. closes: #264879 - Also closes: #377844 - - Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): - - I can't come up with a good justification as to why characters other - than ':'s and '\0's should be disallowed in group and usernames (other - than '-' as the leading character). Thus, the maintenance tools don't - anymore. closes: #79682, #166798, #171179 - ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -48,6 +48,7 @@ - - static bool is_valid_name (const char *name) - { -+#if 0 - /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ -@@ -66,6 +67,26 @@ - return false; - } - } -+#endif -+ /* -+ * POSIX indicate that usernames are composed of characters from the -+ * portable filename character set [A-Za-z0-9._-], and that the hyphen -+ * should not be used as the first character of a portable user name. -+ * -+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$ -+ */ -+ if ( ('\0' == *name) -+ || ('-' == *name) -+ || ('~' == *name) -+ || ('+' == *name)) { -+ return false; -+ } -+ do { -+ if ((':' == *name) || (',' == *name) || isspace(*name)) { -+ return false; -+ } -+ name++; -+ } while ('\0' != *name); - - return true; - } ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -635,12 +635,20 @@ - </para> - - <para> -- Usernames must start with a lower case letter or an underscore, -+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - </para> - <para> -+ On Debian, the only constraints are that usernames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space: ' ', -+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash -+ ('/') may break the default algorithm for the definition of the -+ user's home directory. -+ </para> -+ <para> - Usernames may only be up to 32 characters long. - </para> - </refsect1> ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -240,12 +240,18 @@ - <refsect1 id='caveats'> - <title>CAVEATS</title> - <para> -- Groupnames must start with a lower case letter or an underscore, -+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - </para> - <para> -+ On Debian, the only constraints are that groupnames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space:' ', -+ end of line: '\n', tabulation: '\t', etc.). -+ </para> -+ <para> - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - </para> - <para> diff --git a/debian/patches/508_nologin_in_usr_sbin b/debian/patches/508_nologin_in_usr_sbin deleted file mode 100644 index 026e2db..0000000 --- a/debian/patches/508_nologin_in_usr_sbin +++ /dev/null @@ -1,18 +0,0 @@ ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -23,7 +23,6 @@ - # $prefix/bin and $prefix/sbin, no install-data hacks...) - - bin_PROGRAMS = groups login su --sbin_PROGRAMS = nologin - ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd - usbin_PROGRAMS = \ - cppw \ -@@ -38,6 +37,7 @@ - grpunconv \ - logoutd \ - newusers \ -+ nologin \ - pwck \ - pwconv \ - pwunconv \ diff --git a/debian/patches/523_su_arguments_are_concatenated b/debian/patches/523_su_arguments_are_concatenated deleted file mode 100644 index 0abc4c5..0000000 --- a/debian/patches/523_su_arguments_are_concatenated +++ /dev/null @@ -1,48 +0,0 @@ -Goal: Concatenate the non-su arguments and provide them to the shell with - the -c option -Fixes: #317264 - see also #276419 - -Status wrt upstream: This is a Debian specific patch. - -Note: the fix of the man page is still missing. - (to be taken from the trunk) - ---- a/src/su.c -+++ b/src/su.c -@@ -1150,6 +1150,35 @@ - argv[0] = "-c"; - argv[1] = command; - } -+ /* On Debian, the arguments are concatenated and the -+ * resulting string is always given to the shell with its -+ * -c option. -+ */ -+ { -+ char **parg; -+ unsigned int cmd_len = 0; -+ char *cmd = NULL; -+ if (strcmp(argv[0], "-c") != 0) { -+ argv--; -+ argv[0] = "-c"; -+ } -+ /* Now argv[0] is always -c, and other arguments -+ * can be concatenated -+ */ -+ cmd_len = 1; /* finale '\0' */ -+ for (parg = &argv[1]; *parg; parg++) { -+ cmd_len += strlen (*parg) + 1; -+ } -+ cmd = (char *) xmalloc (sizeof (char) * cmd_len); -+ cmd[0] = '\0'; -+ for (parg = &argv[1]; *parg; parg++) { -+ strcat (cmd, " "); -+ strcat (cmd, *parg); -+ } -+ cmd[cmd_len - 1] = '\0'; -+ argv[1] = &cmd[1]; /* do not take first space */ -+ argv[2] = NULL; -+ } - /* - * Use the shell and create an argv - * with the rest of the command line included. diff --git a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default deleted file mode 100644 index d421345..0000000 --- a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default +++ /dev/null @@ -1,50 +0,0 @@ -Goal: Do not concatenate the additional arguments, and support an - environment variable to revert to the old Debian's su behavior. - -This patch needs the su_arguments_are_concatenated patch. - -This patch, and su_arguments_are_concatenated should be dropped after -Etch. - -Status wrt upstream: This patch is Debian specific. - ---- a/src/su.c -+++ b/src/su.c -@@ -104,6 +104,19 @@ - /* If nonzero, change some environment vars to indicate the user su'd to. */ - static bool change_environment = true; - -+/* -+ * If nonzero, keep the old Debian behavior: -+ * * concatenate all the arguments and provide them to the -c option of -+ * the shell -+ * * If there are some additional arguments, but no -c, add a -c -+ * argument anyway -+ * Drawbacks: -+ * * you can't provide options to the shell (other than -c) -+ * * you can't rely on the argument count -+ * See http://bugs.debian.org/276419 -+ */ -+static int old_debian_behavior; -+ - #ifdef USE_PAM - static pam_handle_t *pamh = NULL; - static int caught = 0; -@@ -950,6 +963,8 @@ - int ret; - #endif /* USE_PAM */ - -+ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL); -+ - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); - (void) textdomain (PACKAGE); -@@ -1154,7 +1169,7 @@ - * resulting string is always given to the shell with its - * -c option. - */ -- { -+ if (old_debian_behavior) { - char **parg; - unsigned int cmd_len = 0; - char *cmd = NULL; diff --git a/debian/patches/542_useradd-O_option b/debian/patches/542_useradd-O_option deleted file mode 100644 index 506352f..0000000 --- a/debian/patches/542_useradd-O_option +++ /dev/null @@ -1,43 +0,0 @@ -Goal: accepts the -O flag for backward compatibility. (was used by adduser?) - -Note: useradd.8 needs to be regenerated. - -Status wrt upstream: not included as this is just specific - backward compatibility for Debian - ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -321,6 +321,11 @@ - databases are resetted to avoid reusing the entry from a previously - deleted user. - </para> -+ <para> -+ For the compatibility with previous Debian's -+ <command>useradd</command>, the <option>-O</option> option is -+ also supported. -+ </para> - </listitem> - </varlistentry> - <varlistentry> ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1011,9 +1011,9 @@ - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", -+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1136,6 +1136,7 @@ - kflg = true; - break; - case 'K': -+ case 'O': /* compatibility with previous Debian useradd */ - /* - * override login.defs defaults (-K name=value) - * example: -K UID_MIN=100 -K UID_MAX=499 diff --git a/debian/patches/900_testsuite_groupmems b/debian/patches/900_testsuite_groupmems deleted file mode 100644 index 6bdc497..0000000 --- a/debian/patches/900_testsuite_groupmems +++ /dev/null @@ -1,81 +0,0 @@ ---- a/debian/passwd.install -+++ b/debian/passwd.install -@@ -9,6 +9,7 @@ - usr/sbin/cppw - usr/sbin/groupadd - usr/sbin/groupdel -+usr/sbin/groupmems - usr/sbin/groupmod - usr/sbin/grpck - usr/sbin/grpconv -@@ -33,6 +34,7 @@ - usr/share/man/*/man8/chpasswd.8 - usr/share/man/*/man8/groupadd.8 - usr/share/man/*/man8/groupdel.8 -+usr/share/man/*/man8/groupmems.8 - usr/share/man/*/man8/groupmod.8 - usr/share/man/*/man8/grpck.8 - usr/share/man/*/man8/grpconv.8 -@@ -59,6 +61,7 @@ - usr/share/man/man8/chpasswd.8 - usr/share/man/man8/groupadd.8 - usr/share/man/man8/groupdel.8 -+usr/share/man/man8/groupmems.8 - usr/share/man/man8/groupmod.8 - usr/share/man/man8/grpck.8 - usr/share/man/man8/grpconv.8 ---- a/debian/passwd.postinst -+++ b/debian/passwd.postinst -@@ -31,6 +31,24 @@ - exit 1 - ) - fi -+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99' -+ then -+ groupadd -g 99 groupmems || ( -+ cat <<EOF -+************************ TESTSUITE ***************************** -+Group ID 99 has been allocated for the groupmems group. You have either -+used 99 yourself or created a groupmems group with a different ID. -+Please correct this problem and reconfigure with ``dpkg --configure passwd''. -+ -+Note that both user and group IDs in the range 0-99 are globally -+allocated by the Debian project and must be the same on every Debian -+system. -+EOF -+ exit 1 -+ ) -+# FIXME -+ chgrp groupmems /usr/sbin/groupmems -+ fi - ;; - esac - ---- a/debian/rules -+++ b/debian/rules -@@ -60,6 +60,7 @@ - dh_installpam -p passwd --name=chsh - dh_installpam -p passwd --name=chpasswd - dh_installpam -p passwd --name=newusers -+ dh_installpam -p passwd --name=groupmems - ifeq ($(DEB_HOST_ARCH_OS),hurd) - # login is not built on The Hurd, but some utilities of passwd depends on - # /etc/login.defs. -@@ -87,3 +88,6 @@ - chgrp shadow debian/passwd/usr/bin/expiry - chmod g+s debian/passwd/usr/bin/chage - chmod g+s debian/passwd/usr/bin/expiry -+ chgrp groupmems debian/passwd/usr/sbin/groupmems -+ chmod u+s debian/passwd/usr/sbin/groupmems -+ chmod o-x debian/passwd/usr/sbin/groupmems ---- /dev/null -+++ b/debian/passwd.groupmems.pam -@@ -0,0 +1,8 @@ -+# The PAM configuration file for the Shadow 'groupmod' service -+# -+ -+# This allows root to modify groups without being prompted for a password -+auth sufficient pam_rootok.so -+ -+@include common-auth -+@include common-account diff --git a/debian/patches/901_testsuite_gcov b/debian/patches/901_testsuite_gcov deleted file mode 100644 index 717ccca..0000000 --- a/debian/patches/901_testsuite_gcov +++ /dev/null @@ -1,76 +0,0 @@ ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -1,6 +1,8 @@ - - AUTOMAKE_OPTIONS = 1.0 foreign - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - DEFS = - - noinst_LTLIBRARIES = libshadow.la ---- a/libmisc/Makefile.am -+++ b/libmisc/Makefile.am -@@ -1,6 +1,8 @@ - - EXTRA_DIST = .indent.pro xgetXXbyYY.c - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - INCLUDES = -I$(top_srcdir)/lib - - noinst_LIBRARIES = libmisc.a ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -7,6 +7,8 @@ - suidperms = 4755 - sgidperms = 2755 - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - INCLUDES = \ - -I${top_srcdir}/lib \ - -I$(top_srcdir)/libmisc ---- a/debian/rules -+++ b/debian/rules -@@ -40,6 +40,12 @@ - endif - export CFLAGS - -+clean:: clean_gcov -+ -+clean_gcov: -+ find . -name "*.gcda" -delete -+ find . -name "*.gcno" -delete -+ - # Add extras to the install process: - binary-install/login:: - dh_installpam -p login ---- a/lib/defines.h -+++ b/lib/defines.h -@@ -174,23 +174,9 @@ - trust the formatted time received from the unix domain (or worse, - UDP) socket. -MM */ - /* Avoid translated PAM error messages: Set LC_ALL to "C". -+ * This is disabled for coverage testing - * --Nekral */ --#define SYSLOG(x) \ -- do { \ -- char *old_locale = setlocale (LC_ALL, NULL); \ -- char *saved_locale = NULL; \ -- if (NULL != old_locale) { \ -- saved_locale = strdup (old_locale); \ -- } \ -- if (NULL != saved_locale) { \ -- (void) setlocale (LC_ALL, "C"); \ -- } \ -- syslog x ; \ -- if (NULL != saved_locale) { \ -- (void) setlocale (LC_ALL, saved_locale); \ -- free (saved_locale); \ -- } \ -- } while (false) -+#define SYSLOG(x) syslog x - #else /* !ENABLE_NLS */ - #define SYSLOG(x) syslog x - #endif /* !ENABLE_NLS */ diff --git a/debian/patches/README.patches b/debian/patches/README.patches deleted file mode 100644 index 8df4cd3..0000000 --- a/debian/patches/README.patches +++ /dev/null @@ -1,71 +0,0 @@ -Small intro to the system for numbering the patches here... - --The 0xx series of patches are patches isolated from the latest - version of the shadow Debian package not using quilt in order to - separate upstream from Debian-specific stuff. - - NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES - --The 1xx series are l10n patches to upstream 4.0.18.1. As upstream has - adopted Debian translations, it is very likely that these patches - will become useless when we will have synced with upstream - --The 2xx series are patches for manual pages translations to upstream - 4.0.18.1. - --The 3xx series are patches which have been temporarily applied to - Debian's shadow while we *know* they have been applied upstream as well - These patches should NOT be kept when we will sync with upstream - --The 4xx series are patches which have been applied to Debian's shadow - and have NOT been accepted and/or applied upstream. These patches MUST be kept - even after resynced with upstream - --The 5xx series are patches which are applied to Debian's shadow - and will never be proposed upstream because they're too specific - This list SHOULD BE AS SHORT AS POSSIBLE - -In short, while we are working towards synchronisation with upstream, -our goal is to make 0xx patches disappear by moving them either to 3xx -series (things already implemented upstream) or to 4xx series -(Debian-specific patches). - - -Short HOWTO for quilt -===================== - -The quilt system can be assimilated to a Pile Of Patches management system. -Patches live in debian/patches, the working directory is "." - -The basic commands are (abbreviation accepted): -quilt push (asks to apply the next patch in the pile) -quilt pop (removes the current patch and go up in the pile) -quilt refresh (take the current changes in tree onto the patch) - -When a file is changed by a patch, quilt saves it somewhere under .pc on -application. This is how it can refresh it afterward (comparing the version -in .pc and the one you currently have in your working dir). - -There are three common pitfalls with quilt: - - doing "quilt pop" without doing "quilt refresh". The version of current - dir is replaced with the version of the .pc dir. Your changes are lost. - Quilt wont let you do so, but you can force it with '-f' if you're fool. - - editing a file with is not in the patch yet. Quilt didn't do any previous - backup. - Use "quilt add" to add files to patches. - Set $EDITOR and use "quilt edit" to edit a file, and add it onto the - patch if needed. - - If you update your working directory, patches may not revert cleanly. - It is thus recommended to use "quilt pop -a" before updating with - "svn up". - If you forget (and run into trouble), you may want to remove the whole - shadow-?.?.? directory. If you use the makefile which is in the upper - directory (trunk/), shadow-?.?.?/debian/patches is a link to - debian/patches, so this dirctory does not contain any valuable info. - -The documentation is quite well done, I think. "quilt -h" will list you the -commands. "quilt <cmd> -h" will give you some hints about it. "man quilt" is -a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete -manual, with tutorial. - - diff --git a/debian/patches/environ.patch b/debian/patches/environ.patch deleted file mode 100644 index 4f1f9b1..0000000 --- a/debian/patches/environ.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: shadow-4.1.5/lib/spawn.c -=================================================================== ---- shadow-4.1.5.orig/lib/spawn.c 2011-10-16 18:05:19.000000000 +0000 -+++ shadow-4.1.5/lib/spawn.c 2012-05-29 00:09:49.520136311 +0000 -@@ -38,6 +38,8 @@ - #include "exitcodes.h" - #include "prototypes.h" - -+extern char **environ; -+ - int run_command (const char *cmd, const char *argv[], - /*@null@*/const char *envp[], /*@out@*/int *status) - { -Index: shadow-4.1.5/src/su.c -=================================================================== ---- shadow-4.1.5.orig/src/su.c 2012-05-28 20:21:23.981943165 +0000 -+++ shadow-4.1.5/src/su.c 2012-05-29 00:10:44.318173199 +0000 -@@ -78,6 +78,8 @@ - /*@-exitarg@*/ - #include "exitcodes.h" - -+extern char **environ; -+ - /* - * Global variables - */ diff --git a/debian/patches/getspnam_r.patch b/debian/patches/getspnam_r.patch deleted file mode 100644 index e0603cc..0000000 --- a/debian/patches/getspnam_r.patch +++ /dev/null @@ -1,64 +0,0 @@ -Index: shadow-4.1.5/configure.in -=================================================================== ---- shadow-4.1.5.orig/configure.in 2012-05-29 01:07:07.625675582 +0000 -+++ shadow-4.1.5/configure.in 2012-05-29 01:08:12.699463029 +0000 -@@ -45,6 +45,25 @@ - getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo) - AC_SYS_LARGEFILE - -+AC_MSG_CHECKING(if getspnam_r take 5 arguments) -+AC_TRY_COMPILE( -+ [ -+#include <sys/types.h> -+#include <shadow.h> -+ ], -+ [ -+struct spwd *pw; -+struct spwd pwbuf; -+char pwdata[512]; -+(void) getspnam_r("bin", &pwbuf, pwdata, sizeof(pwdata), &pw); -+ ], -+ [AC_MSG_RESULT(yes) -+ AC_DEFINE(GETSPNAM_R_5ARG, 1, -+ [Define if your getspnam_r() -+ functions take 5 arguments])], -+ [AC_MSG_RESULT(no)] -+) -+ - dnl Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST - AC_TYPE_UID_T -Index: shadow-4.1.5/libmisc/xgetXXbyYY.c -=================================================================== ---- shadow-4.1.5.orig/libmisc/xgetXXbyYY.c 2012-05-29 01:07:07.652770807 +0000 -+++ shadow-4.1.5/libmisc/xgetXXbyYY.c 2012-05-29 01:11:08.044438439 +0000 -@@ -89,9 +89,15 @@ - exit (13); - } - errno = 0; -+#ifndef __use_4_args - status = REENTRANT_NAME(ARG_NAME, result, buffer, - length, &resbuf); - if ((0 == status) && (resbuf == result)) { -+#else -+ resbuf = REENTRANT_NAME(ARG_NAME, result, buffer, -+ length); -+ if (resbuf == result) { -+#endif - /* Build a result structure that can be freed by - * the shadow *_free functions. */ - LOOKUP_TYPE *ret_result = DUP_FUNCTION(result); -Index: shadow-4.1.5/libmisc/xgetspnam.c -=================================================================== ---- shadow-4.1.5.orig/libmisc/xgetspnam.c 2012-05-29 01:07:07.687176476 +0000 -+++ shadow-4.1.5/libmisc/xgetspnam.c 2012-05-29 01:11:15.833088840 +0000 -@@ -60,5 +60,9 @@ - #define DUP_FUNCTION __spw_dup - #define HAVE_FUNCTION_R (defined HAVE_GETSPNAM_R) - -+#ifndef GETSPNAM_R_5ARG -+#define __use_4_args -+#endif -+ - #include "xgetXXbyYY.c" - diff --git a/debian/patches/putgrent.patch b/debian/patches/putgrent.patch deleted file mode 100644 index ea326c2..0000000 --- a/debian/patches/putgrent.patch +++ /dev/null @@ -1,51 +0,0 @@ -Index: shadow-4.1.5/lib/groupio.c -=================================================================== ---- shadow-4.1.5.orig/lib/groupio.c 2012-05-29 01:52:46.829380353 +0000 -+++ shadow-4.1.5/lib/groupio.c 2012-05-29 01:54:54.027846005 +0000 -@@ -44,6 +44,46 @@ - #include "getdef.h" - #include "groupio.h" - -+#ifndef HAVE_PUTGRENT -+#define _nn(x) x ? x : "" -+int putgrent (const struct group *gr, FILE *fp) -+{ -+ int rc; -+ int i; -+ -+ if ((NULL == gr) || (NULL == fp)) { -+ errno = EINVAL; -+ return -1; -+ } -+ -+ flockfile(fp); -+ if (gr->gr_name[0] == '+' || gr->gr_name[0] == '-') { -+ rc = fprintf(fp, "%s:%s::", gr->gr_name, _nn(gr->gr_passwd)); -+ } else { -+ rc = fprintf(fp, "%s:%s:%lu:", gr->gr_name, _nn(gr->gr_passwd), (unsigned long int) gr->gr_gid); -+ } -+ -+ if (rc < 0) { -+ funlockfile(fp); -+ return -1; -+ } -+ -+ if (NULL != gr->gr_mem) { -+ for (i = 0; gr->gr_mem[i] != NULL; ++i) { -+ if (0 > fprintf(fp, i == 0 ? "%s" : ",%s", gr->gr_mem[i])) { -+ funlockfile(fp); -+ return -1; -+ } -+ } -+ } -+ -+ putc_unlocked('\n', fp); -+ funlockfile(fp); -+ return 0; -+} -+#undef _nn -+#endif /* HAVE_PUTGRENT */ -+ - static /*@null@*/struct commonio_entry *merge_group_entries ( - /*@null@*/ /*@returned@*/struct commonio_entry *gr1, - /*@null@*/struct commonio_entry *gr2); diff --git a/debian/patches/putpwent-segfault.patch b/debian/patches/putpwent-segfault.patch deleted file mode 100644 index 601ecf6..0000000 --- a/debian/patches/putpwent-segfault.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: shadow-4.1.5/lib/pwmem.c -=================================================================== ---- shadow-4.1.5.orig/lib/pwmem.c 2009-09-07 19:08:21.000000000 +0000 -+++ shadow-4.1.5/lib/pwmem.c 2012-06-03 18:39:48.377996169 +0000 -@@ -44,7 +44,7 @@ - { - struct passwd *pw; - -- pw = (struct passwd *) malloc (sizeof *pw); -+ pw = (struct passwd *) calloc (1, sizeof *pw); - if (NULL == pw) { - return NULL; - } diff --git a/debian/patches/series b/debian/patches/series index 6d2d836..98b7f59 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,24 +1,19 @@ -# These patches are only for the testsuite: -#900_testsuite_groupmems -#901_testsuite_gcov - -503_shadowconfig.8 -428_grpck_add_prune_option -008_login_log_failure_in_FTMP -429_login_FAILLOG_ENAB -401_cppw_src.dpatch -# 402 should be merged in 401, but should be reviewed by SE Linux experts first -402_cppw_selinux -506_relaxed_usernames -542_useradd-O_option -501_commonio_group_shadow -463_login_delay_obeys_to_PAM -523_su_arguments_are_concatenated -523_su_arguments_are_no_more_concatenated_by_default -508_nologin_in_usr_sbin -505_useradd_recommend_adduser -utmp.c.patch -getspnam_r.patch -environ.patch -putgrent.patch -putpwent-segfault.patch +0001-503_shadowconfig.8.patch +0002-428_grpck_add_prune_option.patch +0003-008_login_log_failure_in_FTMP.patch +0004-429_login_FAILLOG_ENAB.patch +0005-401_cppw_src.dpatch.patch +0006-402_cppw_selinux.patch +0007-506_relaxed_usernames.patch +0008-542_useradd-O_option.patch +0009-501_commonio_group_shadow.patch +0010-463_login_delay_obeys_to_PAM.patch +0011-523_su_arguments_are_concatenated.patch +0012-523_su_arguments_are_no_more_concatenated_by_default.patch +0013-508_nologin_in_usr_sbin.patch +0014-505_useradd_recommend_adduser.patch +0015-utmp.c.patch +0016-getspnam_r.patch +0017-environ.patch +0018-putgrent.patch +0019-putpwent-segfault.patch diff --git a/debian/patches/utmp.c.patch b/debian/patches/utmp.c.patch deleted file mode 100644 index 624303f..0000000 --- a/debian/patches/utmp.c.patch +++ /dev/null @@ -1,47 +0,0 @@ -Index: shadow-4.1.5/libmisc/utmp.c -=================================================================== ---- shadow-4.1.5.orig/libmisc/utmp.c 2012-05-29 01:00:07.623017148 +0000 -+++ shadow-4.1.5/libmisc/utmp.c 2012-05-29 01:08:05.294474465 +0000 -@@ -32,15 +32,19 @@ - - #include <config.h> - --#include "defines.h" --#include "prototypes.h" -- --#include <utmp.h> - - #ifdef USE_UTMPX - #include <utmpx.h> -+#define utmp utmpx -+#define updwtmp updwtmpx -+#define pututline pututxline -+#else -+#include <utmp.h> - #endif - -+#include "defines.h" -+#include "prototypes.h" -+ - #include <assert.h> - #include <netdb.h> - #include <stdio.h> -@@ -281,6 +285,10 @@ - /* ut_exit is only for DEAD_PROCESS */ - utent->ut_session = getsid (0); - if (gettimeofday (&tv, NULL) == 0) { -+#ifdef USE_UTMPX -+ utent->ut_tv.tv_sec = tv.tv_sec; -+ utent->ut_tv.tv_usec = tv.tv_usec; -+#else - #ifdef HAVE_STRUCT_UTMP_UT_TIME - utent->ut_time = tv.tv_sec; - #endif /* HAVE_STRUCT_UTMP_UT_TIME */ -@@ -291,6 +299,7 @@ - utent->ut_tv.tv_sec = tv.tv_sec; - utent->ut_tv.tv_usec = tv.tv_usec; - #endif /* HAVE_STRUCT_UTMP_UT_TV */ -+#endif - } - - return utent; |