summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2006-01-04 02:37:21 +0000
committerMike Frysinger <vapier@gentoo.org>2006-01-04 02:37:21 +0000
commit94279a3dea59acb33b5609f649c464e28edc8f3a (patch)
tree19a2c8b248950f418bd4436996a3672a7a885d15 /sys-apps
parentinitial ebuild, written by myself (diff)
downloadgentoo-2-94279a3dea59acb33b5609f649c464e28edc8f3a.tar.gz
gentoo-2-94279a3dea59acb33b5609f649c464e28edc8f3a.tar.bz2
gentoo-2-94279a3dea59acb33b5609f649c464e28edc8f3a.zip
Version bump.
(Portage version: 2.1_pre3-r1)
Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/shadow/ChangeLog11
-rw-r--r--sys-apps/shadow/files/digest-shadow-4.0.141
-rw-r--r--sys-apps/shadow/files/shadow-4.0.14-nls-manpages.patch18
-rw-r--r--sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch26
-rw-r--r--sys-apps/shadow/shadow-4.0.14.ebuild236
5 files changed, 290 insertions, 2 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index fc6d0f0e8c7e..cc3a167feab9 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-apps/shadow
-# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.123 2005/12/25 15:32:55 flameeyes Exp $
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.124 2006/01/04 02:37:21 vapier Exp $
+
+*shadow-4.0.14 (04 Jan 2006)
+
+ 04 Jan 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/shadow-4.0.14-nls-manpages.patch,
+ +files/shadow-4.0.14-su-fix-environment.patch, +shadow-4.0.14.ebuild:
+ Version bump.
25 Dec 2005; Diego Pettenò <flameeyes@gentoo.org> shadow-4.0.13.ebuild:
Use bindnow-flags function instead of -Wl,-z,now.
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.14 b/sys-apps/shadow/files/digest-shadow-4.0.14
new file mode 100644
index 000000000000..c8fe2c833299
--- /dev/null
+++ b/sys-apps/shadow/files/digest-shadow-4.0.14
@@ -0,0 +1 @@
+MD5 903f55cf05bbe082617d3337743792fb shadow-4.0.14.tar.bz2 1246902
diff --git a/sys-apps/shadow/files/shadow-4.0.14-nls-manpages.patch b/sys-apps/shadow/files/shadow-4.0.14-nls-manpages.patch
new file mode 100644
index 000000000000..85fd5cd2d428
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.14-nls-manpages.patch
@@ -0,0 +1,18 @@
+Don't install localized manpages is USE=-nls
+
+e-mailed upstream already
+
+--- man/Makefile.in
++++ man/Makefile.in
+@@ -193,7 +193,11 @@
+ target_alias = @target_alias@
+
+ # subdirectories for translated manual pages
++ifeq ($(USE_NLS),no)
++SUBDIRS =
++else
+ SUBDIRS = cs de es fi fr hu id it ja ko pl pt_BR ru tr zh_CN zh_TW
++endif
+ man_XMANS = \
+ chage.1.xml \
+ chfn.1.xml \
diff --git a/sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch b/sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch
new file mode 100644
index 000000000000..b537c7be19f0
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch
@@ -0,0 +1,26 @@
+The patch from upstream (shadow-4.0.11.1-SUPATH.patch) sets environ too
+early when using PAM, so move it to !USE_PAM.
+
+--- shadow-4.0.14/src/su.c
++++ shadow-4.0.14/src/su.c
+@@ -594,11 +594,6 @@
+ addenv ("PATH", cp);
+ }
+
+-#ifndef USE_PAM
+- /* setup the environment for PAM later on, else we run into auth problems */
+- environ = newenvp; /* make new environment active */
+-#endif
+-
+ if (getenv ("IFS")) /* don't export user IFS ... */
+ addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
+
+@@ -666,6 +664,8 @@
+ exit (1);
+ }
+ #else /* !USE_PAM */
++ environ = newenvp; /* make new environment active */
++
+ if (!amroot) /* no limits if su from root */
+ setup_limits (&pwent);
+
diff --git a/sys-apps/shadow/shadow-4.0.14.ebuild b/sys-apps/shadow/shadow-4.0.14.ebuild
new file mode 100644
index 000000000000..99c2c4aae2a6
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.0.14.ebuild
@@ -0,0 +1,236 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.14.ebuild,v 1.1 2006/01/04 02:37:21 vapier Exp $
+
+inherit eutils libtool toolchain-funcs flag-o-matic
+
+# We should remove this login after pam-0.78 goes stable.
+FORCE_SYSTEMAUTH_UPDATE="no"
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="http://shadow.pld.org.pl/"
+SRC_URI="ftp://ftp.pld.org.pl/software/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="nls pam selinux skey nousuid"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r3
+ pam? ( virtual/pam )
+ !pam? ( !sys-apps/pam-login )
+ skey? ( app-admin/skey )
+ selinux? ( sys-libs/libselinux )"
+DEPEND="${RDEPEND}
+ >=sys-apps/portage-2.0.51-r2
+ nls? ( sys-devel/gettext )"
+# We moved /etc/pam.d/login to pam-login
+PDEPEND="pam? ( >=sys-apps/pam-login-4.0.11.1-r2 )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # uclibc support, corrects NIS usage
+ epatch "${FILESDIR}"/${PN}-4.0.13-nonis.patch
+
+ # If su should not simulate a login shell, use '/bin/sh' as shell to enable
+ # running of commands as user with /bin/false as shell, closing bug #15015.
+ # *** This one could be a security hole; disable for now ***
+ #epatch "${FILESDIR}"/${P}-nologin-run-sh.patch
+
+ # don't install manpages if USE=-nls
+ epatch "${FILESDIR}"/${PN}-4.0.14-nls-manpages.patch
+
+ # tweak the default login.defs
+ epatch "${FILESDIR}"/${PN}-4.0.13-login.defs.patch
+
+ # skeychallenge call needs updating #69741
+ epatch "${FILESDIR}"/shadow-4.0.5-skey.patch
+
+ # Make user/group names more flexible #3485 / #22920
+ epatch "${FILESDIR}"/${PN}-4.0.13-dots-in-usernames.patch
+ epatch "${FILESDIR}"/${PN}-4.0.13-long-groupnames.patch
+
+ # Fix compiling with gcc-2.95.x
+ epatch "${FILESDIR}"/${PN}-4.0.12-gcc2.patch
+
+ # Patch from upstream enables the new environment too early for PAM
+ epatch "${FILESDIR}"/${PN}-4.0.14-su-fix-environment.patch
+
+ # Some UCLIBC patches
+ epatch "${FILESDIR}"/${PN}-4.0.11.1-uclibc-missing-l64a.patch
+
+ # lock down setuid perms #47208
+ epatch "${FILESDIR}"/${PN}-4.0.11.1-perms.patch
+
+ # Needed by the UCLIBC patches
+ autoconf || die
+
+ elibtoolize
+ epunt_cxx
+}
+
+src_compile() {
+ append-ldflags $(bindnow-flags)
+ tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
+ econf \
+ --disable-desrpc \
+ --with-libcrypt \
+ --with-libcrack \
+ --enable-shared=no \
+ --enable-static=yes \
+ $(use_with pam libpam) \
+ $(use_with skey libskey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ || die "bad configure"
+ emake || die "compile problem"
+}
+
+src_install() {
+ local perms=4711
+ use nousuid && perms=711
+ make DESTDIR=${D} suiduperms=${perms} install || die "install problem"
+ dosym useradd /usr/sbin/adduser
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ if use pam; then
+ # These is now shipped with pam-login, and login
+ # had/have a serious root exploit with pam support
+ # enabled.
+ for x in "${D}"/bin/login \
+ "${D}"/usr/bin/faillog "${D}"/usr/bin/lastlog \
+ "${D}"/usr/share/man/man1/login.1* \
+ "${D}"/usr/share/man/man5/login.{access,defs}.5* \
+ "${D}"/usr/share/man/man5/faillog.5* \
+ "${D}"/usr/share/man/man8/lastlog.8* \
+ "${D}"/usr/share/man/man8/faillog.8*; do
+ [[ -f ${x} ]] && rm -f ${x}
+ done
+ fi
+
+ insinto /etc
+ # Using a securetty with devfs device names added
+ # (compat names kept for non-devfs compatibility)
+ insopts -m0600 ; doins "${FILESDIR}"/securetty
+ use pam || { insopts -m0600 ; doins etc/login.access ; }
+ use pam || { insopts -m0600 ; doins etc/limits ; }
+ # Output arch-specific cruft
+ case $(tc-arch) in
+ ppc64) echo "hvc0" >> "${D}"/etc/securetty
+ echo "hvsi0" >> "${D}"/etc/securetty;;
+ hppa) echo "ttyB0" >> "${D}"/etc/securetty;;
+ arm) echo "ttyFB0" >> "${D}"/etc/securetty;;
+ esac
+
+ # needed for 'adduser -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ # move passwd to / to help recover broke systems #64441
+ mv "${D}"/usr/bin/passwd "${D}"/bin/
+ dosym /bin/passwd /usr/bin/passwd
+
+ if use pam ; then
+ local INSTALL_SYSTEM_PAMD="yes"
+
+ # Do not install below pam.d files if we have pam-0.78 or later
+ portageq has_version / '>=sys-libs/pam-0.78' && \
+ INSTALL_SYSTEM_PAMD="no"
+
+ for x in "${FILESDIR}"/pam.d-include/*; do
+ case "${x##*/}" in
+ "login")
+ # We do no longer install this one, as its from
+ # pam-login now.
+ ;;
+ "system-auth"|"system-auth-1.1"|"other")
+ # These we only install if we do not have pam-0.78
+ # or later.
+ [ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \
+ dopamd ${x}
+ ;;
+ "su")
+ # Disable support for pam_env and pam_wheel on openpam
+ has_version sys-libs/pam && dopamd ${x}
+ ;;
+ "su-openpam")
+ has_version sys-libs/openpam && newpamd ${x} su
+ ;;
+ *)
+ [ -f ${x} ] && dopamd ${x}
+ ;;
+ esac
+ done
+ for x in chage chsh chfn chpasswd newusers \
+ user{add,del,mod} group{add,del,mod} ; do
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+ done
+
+ # Only add this one if needed.
+ if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+ newpamd "${FILESDIR}"/pam.d-include/system-auth-1.1 system-auth.new || \
+ die "Failed to install system-auth.new!"
+ fi
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+
+ find "${D}"/usr/share/man \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -exec rm {} \;
+ else
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${D}"/usr/share/man \
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+ -exec rm {} \;
+
+ cd "${S}"
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc
+ dodoc HOWTO LSM README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${ROOT}"/etc/pam.d/system-auth.new
+}
+
+pkg_postinst() {
+ use pam || return 0
+
+ if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+ local CHECK1=$(md5sum "${ROOT}"/etc/pam.d/system-auth | cut -d ' ' -f 1)
+ local CHECK2=$(md5sum "${ROOT}"/etc/pam.d/system-auth.new | cut -d ' ' -f 1)
+
+ if [ "${CHECK1}" != "${CHECK2}" ]; then
+ ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth "
+ ewarn "is being updated automatically. Your old "
+ ewarn "system-auth will be backed up as:"
+ ewarn
+ ewarn " ${ROOT}etc/pam.d/system-auth.bak"
+ echo
+
+ cp -pPR "${ROOT}"/etc/pam.d/system-auth \
+ "${ROOT}"/etc/pam.d/system-auth.bak;
+ mv -f "${ROOT}"/etc/pam.d/system-auth.new \
+ "${ROOT}"/etc/pam.d/system-auth
+ rm -f "${ROOT}"/etc/pam.d/._cfg????_system-auth
+ else
+ rm -f "${ROOT}"/etc/pam.d/system-auth.new
+ fi
+ fi
+}