Add fix from upstream for groupmod pam check #300790 by Esther Dalhuisen and drop old adduser symlink #301027 by Vicente Olivert.

Package-Manager: portage-2.2_rc61/cvs/Linux x86_64
author: Mike Frysinger <vapier@gentoo.org> 2010-01-15 02:58:28 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2010-01-15 02:58:28 +0000
commit: 965af1b61b372a2c5470f00fda8e6c2bc2f245d9 (patch)
tree: 183c0162bc1c1ad30a30c51b64097f8c8ca5b295 /sys-apps/shadow
parent: document the patch properly (diff)
download: historical-965af1b61b372a2c5470f00fda8e6c2bc2f245d9.tar.gz
historical-965af1b61b372a2c5470f00fda8e6c2bc2f245d9.tar.bz2
historical-965af1b61b372a2c5470f00fda8e6c2bc2f245d9.zip
3 files changed, 230 insertions, 35 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index 6357f0318c7d..bcb3d70b4a87 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-apps/shadow
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.229 2009/12/04 23:26:34 lxnay Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.230 2010/01/15 02:58:27 vapier Exp $
+
+*shadow-4.1.4.2-r2 (15 Jan 2010)
+
+  15 Jan 2010; Mike Frysinger <vapier@gentoo.org> +shadow-4.1.4.2-r2.ebuild,
+  +files/shadow-4.1.4.2-groupmod-pam-check.patch:
+  Add fix from upstream for groupmod pam check #300790 by Esther Dalhuisen
+  and drop old adduser symlink #301027 by Vicente Olivert.
 
 *shadow-4.1.4.2-r1 (04 Dec 2009)
 
@@ -700,7 +707,7 @@
   02 Nov 2004; Lars Weiler <pylon@gentoo.org> shadow-4.0.5.ebuild:
   Stable on ppc.  Bug #69212.
 
-  01 Nov 2004; Mike Frysinger <vapier@gentoo.org> shadow-4.0.5.ebuild, 
+  01 Nov 2004; Mike Frysinger <vapier@gentoo.org> shadow-4.0.5.ebuild,
   +files/shadow-4.0.5-skey.patch:
   Add patch by Mark Wagner to fix skey support #69741 by Thomas Matthijs.
 
@@ -909,9 +916,7 @@
 
   24 Feb 2003; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r4.ebuild :
   Remove the patch again, as it could be a security risk.  Users can use:
-
      # sudo -u nobody ls
-
   If they need to run commands as user with '/bin/false' as login ...
 
   23 Feb 2003; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r4.ebuild :
@@ -925,11 +930,9 @@
   Added hppa to keywords.
 
   19 Jan 2003; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r3.ebuild :
-  
   Patch the useradd manpage to be a bit more clear, closing bug #13203.
   Thanks to Guy <guycad@mindspring.com>.
 
-
 *shadow-4.0.3-r3 (25 Dec 2002)
 
   24 Mar 2003; Joshua Brindle <method@gentoo.org> shadow-4.0.3-r3.ebuild:
@@ -939,19 +942,15 @@
   added selinux support, thanks sindian
 
   18 Jan 2003; Jan Seidel <tuxus@gentoo.org> :
-
   Added mips to keywords
 
   25 Dec 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r3.ebuild :
-
   Added /etc/default/useradd with default shell of /bin/bash, closing bug #5629.
 
   06 Dec 2002; Rodney Rees <manson@gentoo.org> :
-  
   Changed sparc ~sparc keywords.
- 
-  03 Dec 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r2.ebuild :
 
+  03 Dec 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r2.ebuild :
   Mark as stable.  Update pam.d/su to use pam_filelist.so if uncommented.
   This can be used as a type of /etc/suauth.  Should close bug #4210.
 
@@ -960,22 +959,18 @@
 *shadow-4.0.3-r1 (20 Oct 2002)
 
   20 Oct 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r2.ebuild :
-
   Update the su-pam_open_session.patch, as the old one did not export
   XAUTHORITY, or call pam_close_session().
 
 *shadow-4.0.3-r1 (19 Oct 2002)
 
   19 Oct 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r1.ebuild :
-
   Get su to call pam_open_session(), and also set DISPLAY and XAUTHORITY,
   else the session entries in /etc/pam.d/su never get executed, and
   pam_xauth for one, is then never used.  This should close bug #8831.
 
-
   12 Oct 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3.ebuild :
-
-  Fix bug #9031 (add /etc/default/ to fix adduser -D).
+  Fix bug #9031 (add /etc/default/ to fix useradd -D).
 
 *shadow-4.0.2-r4.ebuild (14 July 2002)
 
@@ -997,11 +992,9 @@
   Added KEYWORDS.
 
   28 Apr 2002; M.Schlemmer <azarah@gentoo.org>
-
   Remove /etc/login.defs.
 
   8 Apr 2002; M.Schlemmer <azarah@gentoo.org>
-
   Removed /bin/login in favour of the one in util-linux, as the one
   included here have a root exploit if pam_limits is in use.
 
@@ -1014,29 +1007,25 @@
   Added KEYWORDS.
 
   3 Apr 2002; Jared H. Hudson <jhhudso@gentoo.org>
-
   Added new shadow version, currently masked out until it's been
   tested better.
-	
+
 *shadow-4.0.2-r3 (3 Apr 2002)
 
   3 Apr 2002; Jared H. Hudson <jhhudso@gentoo.org>
-
   Cleaned up earlier fix to account for all possibilities, such as
   binary packages, different ROOT's, and an already existing good
   system-auth file.
-	
+
 *shadow-4.0.2-r2 (3 Apr 2002)
 
   3 Apr 2002; Jared H. Hudson <jhhudso@gentoo.org>
-
   Fixed /etc/pam.d/system-auth to use pam_unix instead of pam_pwdb due
   to security bug.
-  
+
 *shadow-4.0.2-r1 (25 Mar 2002)
 
   25 Mar 2002; M.Schlemmer <azarah@gentoo.org>
-
   Fix the "libdir" in /usr/lib/libmisc.la.
 
 *shadow-20001016-r10 (12 Mar 2002)
@@ -1044,8 +1033,7 @@
   14 Jul 2002; phoen][x <phoenix@gentoo.org> shadow-20001016-r10.ebuild :
   Added KEYWORDS, SLOT.
 
-  12 Mar 2002; Seemant Kulleen <seemant@gentoo.org> 
-
+  12 Mar 2002; Seemant Kulleen <seemant@gentoo.org>
   Added USE dependent nls compilation.
 
 *shadow-20001016-r9 (26 Feb 2002)
@@ -1054,17 +1042,16 @@
   Added KEYWORDS, SLOT.
 
   26 Feb 2002; T.Neidt <tod@gentoo.org> shadow-20001016-r9.ebuild, login.defs
-
   Changed 'CREATE_HOME yes' to 'CREATE_HOME no' in login.defs.
   CREATE_HOME is a RedHat'ism and is not supported by the stock shadow
   package (see src/useradd.c).  When CREATE_HOME is set to 'yes',
-  adduser generates a warning meassage. 
+  useradd generates a warning meassage.
 
   Bumped ebuild revision so login.defs will be updated by emerge updates.
-  
+
   Note to users:  'useradd -m <user>' will create the home directory and
-  add any files in /etc/skel (see 'man adduser')
-  
+  add any files in /etc/skel (see 'man useradd')
+
 
 *shadow-20001016-r8 (25 Feb 2002)
 
@@ -1072,7 +1059,6 @@
   Added KEYWORDS, SLOT.
 
   25 Feb 2002; M.Schlemmer <azarah@gentoo.org> shadow-20001016-r8.ebuild
-
   Added a 'rm -rf ${D}/usr/share/man/*' to Chris's man fix to clean the
   Polish pages.  Added the line for installing /etc/pam.d/chage again, which
   should close bug #837.
@@ -1092,7 +1078,6 @@
 *shadow-20001016-r6 (1 Feb 2002)
 
   1 Feb 2002; G.Bevin <gbevin@gentoo.org> ChangeLog :
-  
   Added initial ChangeLog which should be updated whenever the package is
   updated in any way. This changelog is targetted to users. This means that the
   comments should well explained and written in clean English. The details about
diff --git a/sys-apps/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/sys-apps/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
new file mode 100644
index 000000000000..f25c4e10ff84
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
@@ -0,0 +1,21 @@
+http://bugs.gentoo.org/300790
+http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
+
+2009-11-05  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/groupmod.c: Fixed groupmod when configured with
+	--enable-account-tools-setuid.
+
+diff --git a/src/groupmod.c b/src/groupmod.c
+index 4205df2..da6d77f 100644
+--- a/src/groupmod.c
++++ b/src/groupmod.c
+@@ -724,7 +724,7 @@ int main (int argc, char **argv)
+ 	{
+ 		struct passwd *pampw;
+ 		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+-		if (NULL == pamh) {
++		if (NULL == pampw) {
+ 			fprintf (stderr,
+ 			         _("%s: Cannot determine your user name.\n"),
+ 			         Prog);
diff --git a/sys-apps/shadow/shadow-4.1.4.2-r2.ebuild b/sys-apps/shadow/shadow-4.1.4.2-r2.ebuild
new file mode 100644
index 000000000000..e04c036ff137
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.1.4.2-r2.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.1.4.2-r2.ebuild,v 1.1 2010/01/15 02:58:27 vapier Exp $
+
+inherit eutils libtool toolchain-funcs pam multilib
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="http://shadow.pld.org.pl/ http://pkg-shadow.alioth.debian.org/"
+SRC_URI="ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="audit cracklib nls pam selinux skey"
+
+RDEPEND="audit? ( sys-process/audit )
+	cracklib? ( >=sys-libs/cracklib-2.7-r3 )
+	pam? ( virtual/pam )
+	!sys-apps/pam-login
+	!app-admin/nologin
+	skey? ( sys-auth/skey )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	nls? ( virtual/libintl )"
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20080219.1 )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${PN}-4.1.4.2-env-reset-keep-locale.patch #283725
+	epatch "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch #22920
+	epatch "${FILESDIR}"/${PN}-4.1.4.2-groupmod-pam-check.patch #300790
+	elibtoolize
+	epunt_cxx
+}
+
+src_compile() {
+	tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
+	econf \
+		--without-group-name-max-length \
+		--enable-shared=no \
+		--enable-static=yes \
+		$(use_with audit) \
+		$(use_with cracklib libcrack) \
+		$(use_with pam libpam) \
+		$(use_with skey) \
+		$(use_with selinux) \
+		$(use_enable nls) \
+		$(use_with elibc_glibc nscd)
+	emake || die "compile problem"
+}
+
+set_login_opt() {
+	local comment="" opt=$1 val=$2
+	[[ -z ${val} ]] && comment="#"
+	sed -i -r \
+		-e "/^#?${opt}/s:.*:${comment}${opt} ${val}:" \
+		"${D}"/etc/login.defs
+	local res=$(grep "^${comment}${opt}" "${D}"/etc/login.defs)
+	einfo ${res:-Unable to find ${opt} in /etc/login.defs}
+}
+
+src_install() {
+	emake DESTDIR="${D}" suidperms=4711 install || die "install problem"
+
+	# Remove libshadow and libmisc; see bug 37725 and the following
+	# comment from shadow's README.linux:
+	#   Currently, libshadow.a is for internal use only, so if you see
+	#   -lshadow in a Makefile of some other package, it is safe to
+	#   remove it.
+	rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+	insinto /etc
+	# Using a securetty with devfs device names added
+	# (compat names kept for non-devfs compatibility)
+	insopts -m0600 ; doins "${FILESDIR}"/securetty
+	if ! use pam ; then
+		insopts -m0600
+		doins etc/login.access etc/limits
+	fi
+	# Output arch-specific cruft
+	local devs
+	case $(tc-arch) in
+		ppc*)  devs="hvc0 hvsi0 ttyPSC0";;
+		hppa)  devs="ttyB0";;
+		arm)   devs="ttyFB0";;
+		sh)    devs="ttySC0 ttySC1";;
+	esac
+	[[ -n ${devs} ]] && printf '%s\n' ${devs} >> "${D}"/etc/securetty
+
+	# needed for 'useradd -D'
+	insinto /etc/default
+	insopts -m0600
+	doins "${FILESDIR}"/default/useradd
+
+	# move passwd to / to help recover broke systems #64441
+	mv "${D}"/usr/bin/passwd "${D}"/bin/
+	dosym /bin/passwd /usr/bin/passwd
+
+	cd "${S}"
+	insinto /etc
+	insopts -m0644
+	newins etc/login.defs login.defs
+
+	if ! use pam ; then
+		set_login_opt MAIL_CHECK_ENAB no
+		set_login_opt SU_WHEEL_ONLY yes
+		set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+		set_login_opt LOGIN_RETRIES 3
+		set_login_opt ENCRYPT_METHOD SHA512
+	else
+		dopamd "${FILESDIR}/pam.d-include/"{su,passwd,shadow}
+
+		newpamd "${FILESDIR}/login.pamd.2" login
+
+		for x in chage chsh chfn chpasswd newusers \
+				 user{add,del,mod} group{add,del,mod} ; do
+			newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+		done
+
+		# comment out login.defs options that pam hates
+		local opt
+		for opt in \
+			CHFN_AUTH \
+			CRACKLIB_DICTPATH \
+			ENV_HZ \
+			ENVIRON_FILE \
+			FAILLOG_ENAB \
+			FTMP_FILE \
+			LASTLOG_ENAB \
+			MAIL_CHECK_ENAB \
+			MOTD_FILE \
+			NOLOGINS_FILE \
+			OBSCURE_CHECKS_ENAB \
+			PASS_ALWAYS_WARN \
+			PASS_CHANGE_TRIES \
+			PASS_MIN_LEN \
+			PORTTIME_CHECKS_ENAB \
+			QUOTAS_ENAB \
+			SU_WHEEL_ONLY
+		do
+			set_login_opt ${opt}
+		done
+
+		sed -i -f "${FILESDIR}"/login_defs_pam.sed \
+			"${D}"/etc/login.defs
+
+		# remove manpages that pam will install for us
+		# and/or don't apply when using pam
+		find "${D}"/usr/share/man \
+			'(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+			-exec rm {} +
+	fi
+
+	# Remove manpages that are handled by other packages
+	find "${D}"/usr/share/man \
+		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+		-exec rm {} +
+
+	cd "${S}"
+	dodoc ChangeLog NEWS TODO
+	newdoc README README.download
+	cd doc
+	dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+	rm -f "${ROOT}"/etc/pam.d/system-auth.new \
+		"${ROOT}/etc/login.defs.new"
+
+	use pam && pam_epam_expand "${D}"/etc/pam.d/login
+}
+
+pkg_postinst() {
+	# Enable shadow groups (we need ROOT=/ here, as grpconv only
+	# operate on / ...).
+	if [[ ${ROOT} == / && ! -f /etc/gshadow ]] ; then
+		if grpck -r 2>/dev/null ; then
+			grpconv
+		else
+			ewarn "Running 'grpck' returned errors.  Please run it by hand, and then"
+			ewarn "run 'grpconv' afterwards!"
+		fi
+	fi
+
+	einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
author	Mike Frysinger <vapier@gentoo.org>	2010-01-15 02:58:28 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2010-01-15 02:58:28 +0000
commit	965af1b61b372a2c5470f00fda8e6c2bc2f245d9 (patch)
tree	183c0162bc1c1ad30a30c51b64097f8c8ca5b295 /sys-apps/shadow
parent	document the patch properly (diff)
download	historical-965af1b61b372a2c5470f00fda8e6c2bc2f245d9.tar.gz historical-965af1b61b372a2c5470f00fda8e6c2bc2f245d9.tar.bz2 historical-965af1b61b372a2c5470f00fda8e6c2bc2f245d9.zip