* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2015-11-17 14:08 Patrice Clement
0 siblings, 0 replies; 8+ messages in thread
From: Patrice Clement @ 2015-11-17 14:08 UTC (permalink / raw
To: gentoo-commits
commit: 06aea5788b901abfbc2f329a686f2960bff7d2cc
Author: Jakub Jirutka <jakub <AT> jirutka <DOT> cz>
AuthorDate: Thu Oct 15 13:17:40 2015 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Thu Oct 15 13:24:33 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06aea578
sys-apps/shadow: Patch new[ug]idmap to print verbose err on ownership mismatch
Everything is explained in the patch file.
...4.2.1-verbose-error-when-uid-doesnt-match.patch | 76 ++++++++
sys-apps/shadow/shadow-4.2.1-r2.ebuild | 212 +++++++++++++++++++++
2 files changed, 288 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch b/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch
new file mode 100644
index 0000000..340424e
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch
@@ -0,0 +1,76 @@
+From: Hank Leininger <hlein@korelogic.com>
+Date: Mon, 6 Apr 2015 08:22:48 -0500
+Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not
+ like the user/group ownership of their target process.
+
+Currently the error is just:
+
+newuidmap: Target [pid] is owned by a different user
+
+With this patch it will be like:
+
+newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99
+
+Why is this useful? Well, in my case...
+
+The grsecurity kernel-hardening patch includes an option to make parts
+of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
+the current uid. This comes with an option to make /proc/pid/
+directories readable by a specific gid; sysadmins and the like are then
+put into that group so they can see a full 'ps'.
+
+This means that the check in new[ug]idmap fails, as in the above quoted
+error - /proc/[targetpid] is owned by root, but the group is 99 so that
+users in group 99 can see the process.
+
+Some Googling finds dozens of people hitting this problem, but not
+*knowing* that they have hit this problem, because the errors and
+circumstances are non-obvious.
+
+Some graceful way of handling this and not failing, will be next ;) But
+in the meantime it'd be nice to have new[ug]idmap emit a more useful
+error, so that it's easier to troubleshoot.
+
+Thanks!
+
+Signed-off-by: Hank Leininger <hlein@korelogic.com>
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+---
+ src/newgidmap.c | 6 ++++--
+ src/newuidmap.c | 6 ++++--
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/newgidmap.c b/src/newgidmap.c
+index a532b45..451c6a6 100644
+--- a/src/newgidmap.c
++++ b/src/newgidmap.c
+@@ -161,8 +161,10 @@ int main(int argc, char **argv)
+ (getgid() != pw->pw_gid) ||
+ (pw->pw_uid != st.st_uid) ||
+ (pw->pw_gid != st.st_gid)) {
+- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
+- Prog, target);
++ fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
++ Prog, target,
++ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
++ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
+ return EXIT_FAILURE;
+ }
+
+diff --git a/src/newuidmap.c b/src/newuidmap.c
+index 5150078..9c8bc1b 100644
+--- a/src/newuidmap.c
++++ b/src/newuidmap.c
+@@ -161,8 +161,10 @@ int main(int argc, char **argv)
+ (getgid() != pw->pw_gid) ||
+ (pw->pw_uid != st.st_uid) ||
+ (pw->pw_gid != st.st_gid)) {
+- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
+- Prog, target);
++ fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
++ Prog, target,
++ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
++ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
+ return EXIT_FAILURE;
+ }
+
diff --git a/sys-apps/shadow/shadow-4.2.1-r2.ebuild b/sys-apps/shadow/shadow-4.2.1-r2.ebuild
new file mode 100644
index 0000000..32acfbc
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.2.1-r2.ebuild
@@ -0,0 +1,212 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit eutils libtool toolchain-funcs pam multilib autotools
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="http://shadow.pld.org.pl/ http://pkg-shadow.alioth.debian.org/"
+SRC_URI="http://pkg-shadow.alioth.debian.org/releases/${P}.tar.xz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="acl audit cracklib nls pam selinux skey xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})"
+
+RDEPEND="acl? ( sys-apps/acl )
+ audit? ( sys-process/audit )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3 )
+ pam? ( virtual/pam )
+ skey? ( sys-auth/skey )
+ selinux? (
+ >=sys-libs/libselinux-1.28
+ sys-libs/libsemanage
+ )
+ nls? ( virtual/libintl )
+ xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ nls? ( sys-devel/gettext )"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20150213 )"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch #22920
+ epatch "${FILESDIR}"/${P}-cross-size-checks.patch
+ epatch "${FILESDIR}"/${P}-verbose-error-when-uid-doesnt-match.patch
+ epatch_user
+ # https://github.com/shadow-maint/shadow/pull/5
+ mv configure.{in,ac} || die
+ eautoreconf
+ #elibtoolize
+}
+
+src_configure() {
+ tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
+ econf \
+ --without-group-name-max-length \
+ --without-tcb \
+ --enable-shared=no \
+ --enable-static=yes \
+ $(use_with acl) \
+ $(use_with audit) \
+ $(use_with cracklib libcrack) \
+ $(use_with pam libpam) \
+ $(use_with skey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ $(use_with elibc_glibc nscd) \
+ $(use_with xattr attr)
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ use linguas_${l} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=$1 val=$2
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ # move passwd to / to help recover broke systems #64441
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym /bin/passwd /usr/bin/passwd
+
+ cd "${S}"
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chpasswd chgpasswd newusers; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chage chsh chfn \
+ user{add,del,mod} group{add,del,mod} ; do
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+ done
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd,su} || die
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man \
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}"
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2017-02-24 12:43 Lars Wendler
0 siblings, 0 replies; 8+ messages in thread
From: Lars Wendler @ 2017-02-24 12:43 UTC (permalink / raw
To: gentoo-commits
commit: 8df93785b284c765f254f65922fb699e151d0f6e
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 24 12:42:44 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Feb 24 12:43:48 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8df93785
sys-apps/shadow: Security revbump to fix CVE-2017-2616 (bug #610804).
Package-Manager: Portage-2.3.3, Repoman-2.3.1
.../shadow/files/shadow-4.4-CVE-2017-2616.patch | 62 ++++++
sys-apps/shadow/shadow-4.4-r2.ebuild | 215 +++++++++++++++++++++
2 files changed, 277 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch b/sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch
new file mode 100644
index 0000000000..b788ec3534
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.4-CVE-2017-2616.patch
@@ -0,0 +1,62 @@
+From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 23 Feb 2017 09:47:29 -0600
+Subject: [PATCH] su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+---
+ src/su.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index f20d230..d86aa86 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void)
+ snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
diff --git a/sys-apps/shadow/shadow-4.4-r2.ebuild b/sys-apps/shadow/shadow-4.4-r2.ebuild
new file mode 100644
index 0000000000..b28554f17f
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.4-r2.ebuild
@@ -0,0 +1,215 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils libtool pam multilib
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="acl audit cracklib nls pam selinux skey xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})"
+
+RDEPEND="acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ pam? ( virtual/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ nls? ( virtual/libintl )
+ xattr? ( sys-apps/attr:0= )"
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ nls? ( sys-devel/gettext )"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20150213 )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch
+ "${FILESDIR}"/${P}-su-snprintf.patch
+ "${FILESDIR}"/${P}-prototypes.patch
+ "${FILESDIR}"/${P}-load_defaults.patch
+ "${FILESDIR}"/${P}-CVE-2017-2616.patch #610804
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+ epatch_user
+ #eautoreconf
+ elibtoolize
+}
+
+src_configure() {
+ econf \
+ --without-group-name-max-length \
+ --without-tcb \
+ --enable-shared=no \
+ --enable-static=yes \
+ $(use_with acl) \
+ $(use_with audit) \
+ $(use_with cracklib libcrack) \
+ $(use_with pam libpam) \
+ $(use_with skey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ $(use_with elibc_glibc nscd) \
+ $(use_with xattr attr)
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ use linguas_${l} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=$1 val=$2
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ # move passwd to / to help recover broke systems #64441
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym /bin/passwd /usr/bin/passwd
+
+ cd "${S}"
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chpasswd chgpasswd newusers; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chage chsh chfn \
+ user{add,del,mod} group{add,del,mod} ; do
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+ done
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd,su} || die
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man \
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}"
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2017-03-13 12:38 Lars Wendler
0 siblings, 0 replies; 8+ messages in thread
From: Lars Wendler @ 2017-03-13 12:38 UTC (permalink / raw
To: gentoo-commits
commit: 4d5d0eac6f3ae936d0bdcd291ef01a39bfb8fd03
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 13 12:36:50 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Mar 13 12:38:29 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d5d0eac
sys-apps/shadow: Security cleanup (bug #610804).
Package-Manager: Portage-2.3.4, Repoman-2.3.2
sys-apps/shadow/Manifest | 1 -
.../files/shadow-4.2.1-cross-size-checks.patch | 41 ----
...4.2.1-verbose-error-when-uid-doesnt-match.patch | 76 --------
sys-apps/shadow/shadow-4.2.1-r2.ebuild | 214 ---------------------
4 files changed, 332 deletions(-)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 251f1ce80a1..df4f7606de4 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,2 +1 @@
-DIST shadow-4.2.1.tar.xz 1594536 SHA256 3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41 SHA512 7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0 WHIRLPOOL 032857f5fae8486cc3dd11303bfa7da55019000ce8ad7bac2f398f9f9764c8659e20a1547d05c5e4f366db749a52afb3083017faf14f6a72ee48345dcd1f86aa
DIST shadow-4.4.tar.gz 3706812 SHA256 2398fe436e548786c17ec387b4c41f5339f72ec9ee2f3f7a6e0cc2cb240bb482 SHA512 c1e0f65a4fbd0f9d8de38e488b4a374cac5c476180e233269fc666988d9201c0dcc694605c5e54d54f81039c2e30c95b14c12f10adef749a45cc31f0b4b5d5a6 WHIRLPOOL a22fc0f90ec0623cbbcef253378a16ad605cf71345074880e3fd12fb5914058d3e721f378730c9684497cc597595b7defc7e710206268ae320a090c8c35fd41e
diff --git a/sys-apps/shadow/files/shadow-4.2.1-cross-size-checks.patch b/sys-apps/shadow/files/shadow-4.2.1-cross-size-checks.patch
deleted file mode 100644
index f067caab204..00000000000
--- a/sys-apps/shadow/files/shadow-4.2.1-cross-size-checks.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
-From: James Le Cuirot <chewi@aura-online.co.uk>
-Date: Sat, 23 Aug 2014 09:46:39 +0100
-Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
-
-This built-in check is simpler than the previous method and, most
-importantly, works when cross-compiling.
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- configure.in | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 1a3f841..4a4d6d0 100644
---- a/configure.in
-+++ b/configure.in
-@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
- dnl
- dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
- dnl
-- AC_RUN_IFELSE([AC_LANG_SOURCE([
--#include <sys/types.h>
--int main(void) {
-- uid_t u;
-- gid_t g;
-- return (sizeof u < 4) || (sizeof g < 4);
--}
-- ])], [id32bit="yes"], [id32bit="no"])
--
-- if test "x$id32bit" = "xyes"; then
-+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
-+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
-+
-+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
- AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
- enable_subids="yes"
- else
---
-2.3.6
-
diff --git a/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch b/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch
deleted file mode 100644
index 340424eb12e..00000000000
--- a/sys-apps/shadow/files/shadow-4.2.1-verbose-error-when-uid-doesnt-match.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From: Hank Leininger <hlein@korelogic.com>
-Date: Mon, 6 Apr 2015 08:22:48 -0500
-Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not
- like the user/group ownership of their target process.
-
-Currently the error is just:
-
-newuidmap: Target [pid] is owned by a different user
-
-With this patch it will be like:
-
-newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99
-
-Why is this useful? Well, in my case...
-
-The grsecurity kernel-hardening patch includes an option to make parts
-of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
-the current uid. This comes with an option to make /proc/pid/
-directories readable by a specific gid; sysadmins and the like are then
-put into that group so they can see a full 'ps'.
-
-This means that the check in new[ug]idmap fails, as in the above quoted
-error - /proc/[targetpid] is owned by root, but the group is 99 so that
-users in group 99 can see the process.
-
-Some Googling finds dozens of people hitting this problem, but not
-*knowing* that they have hit this problem, because the errors and
-circumstances are non-obvious.
-
-Some graceful way of handling this and not failing, will be next ;) But
-in the meantime it'd be nice to have new[ug]idmap emit a more useful
-error, so that it's easier to troubleshoot.
-
-Thanks!
-
-Signed-off-by: Hank Leininger <hlein@korelogic.com>
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- src/newgidmap.c | 6 ++++--
- src/newuidmap.c | 6 ++++--
- 2 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/newgidmap.c b/src/newgidmap.c
-index a532b45..451c6a6 100644
---- a/src/newgidmap.c
-+++ b/src/newgidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
- (getgid() != pw->pw_gid) ||
- (pw->pw_uid != st.st_uid) ||
- (pw->pw_gid != st.st_gid)) {
-- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
-- Prog, target);
-+ fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+ Prog, target,
-+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
- return EXIT_FAILURE;
- }
-
-diff --git a/src/newuidmap.c b/src/newuidmap.c
-index 5150078..9c8bc1b 100644
---- a/src/newuidmap.c
-+++ b/src/newuidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
- (getgid() != pw->pw_gid) ||
- (pw->pw_uid != st.st_uid) ||
- (pw->pw_gid != st.st_gid)) {
-- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
-- Prog, target);
-+ fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+ Prog, target,
-+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
- return EXIT_FAILURE;
- }
-
diff --git a/sys-apps/shadow/shadow-4.2.1-r2.ebuild b/sys-apps/shadow/shadow-4.2.1-r2.ebuild
deleted file mode 100644
index 0e9e3a4d4e5..00000000000
--- a/sys-apps/shadow/shadow-4.2.1-r2.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils libtool pam multilib autotools
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="http://shadow.pld.org.pl/ http://pkg-shadow.alioth.debian.org/"
-SRC_URI="http://pkg-shadow.alioth.debian.org/releases/${P}.tar.xz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="acl audit cracklib nls pam selinux skey xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})"
-
-RDEPEND="acl? ( sys-apps/acl )
- audit? ( sys-process/audit )
- cracklib? ( >=sys-libs/cracklib-2.7-r3 )
- pam? ( virtual/pam )
- skey? ( sys-auth/skey )
- selinux? (
- >=sys-libs/libselinux-1.28
- sys-libs/libsemanage
- )
- nls? ( virtual/libintl )
- xattr? ( sys-apps/attr )"
-DEPEND="${RDEPEND}
- app-arch/xz-utils
- sys-devel/gettext"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20150213 )"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch
- "${FILESDIR}"/${P}-cross-size-checks.patch
- "${FILESDIR}"/${P}-verbose-error-when-uid-doesnt-match.patch
-)
-
-src_prepare() {
- epatch "${PATCHES[@]}"
- epatch_user
- # https://github.com/shadow-maint/shadow/pull/5
- mv configure.{in,ac} || die
- eautoreconf
- #elibtoolize
-}
-
-src_configure() {
- econf \
- --without-group-name-max-length \
- --without-tcb \
- --enable-shared=no \
- --enable-static=yes \
- $(use_with acl) \
- $(use_with audit) \
- $(use_with cracklib libcrack) \
- $(use_with pam libpam) \
- $(use_with skey) \
- $(use_with selinux) \
- $(use_enable nls) \
- $(use_with elibc_glibc nscd) \
- $(use_with xattr attr)
- has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- use linguas_${l} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=$1 val=$2
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # Remove libshadow and libmisc; see bug 37725 and the following
- # comment from shadow's README.linux:
- # Currently, libshadow.a is for internal use only, so if you see
- # -lshadow in a Makefile of some other package, it is safe to
- # remove it.
- rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- # move passwd to / to help recover broke systems #64441
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym /bin/passwd /usr/bin/passwd
-
- cd "${S}"
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chpasswd chgpasswd newusers; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chage chsh chfn \
- user{add,del,mod} group{add,del,mod} ; do
- newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
- done
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd,su} || die
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man \
- '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
- -delete
-
- cd "${S}"
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT}" 2>/dev/null ; then
- grpconv -R "${EROOT}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2021-08-04 16:00 Mike Gilbert
0 siblings, 0 replies; 8+ messages in thread
From: Mike Gilbert @ 2021-08-04 16:00 UTC (permalink / raw
To: gentoo-commits
commit: 99492d04ef5f0e1834eaf0930951a492e22a3092
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 4 15:59:30 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Aug 4 15:59:30 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99492d04
sys-apps/shadow: fix build with cracklib enabled
Closes: https://bugs.gentoo.org/806124
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/shadow/files/shadow-4.9-libcrack.patch | 27 +++++++++++++++++++++++++
sys-apps/shadow/shadow-4.9-r1.ebuild | 1 +
2 files changed, 28 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.9-libcrack.patch b/sys-apps/shadow/files/shadow-4.9-libcrack.patch
new file mode 100644
index 00000000000..5c954feac1a
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.9-libcrack.patch
@@ -0,0 +1,27 @@
+From 6becc82e262205f8a23bf9fe1127af57286826ee Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Mon, 2 Aug 2021 11:51:44 -0400
+Subject: [PATCH] libsubid: fix build with libcrack
+
+Fixes a link failure:
+
+ ../libsubid/.libs/libsubid.so: undefined reference to `FascistCheck'
+
+Bug: https://bugs.gentoo.org/806124
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ libsubid/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index 8bba02ab..bfc982ef 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -11,6 +11,7 @@ MISCLIBS = \
+ $(LIBAUDIT) \
+ $(LIBSELINUX) \
+ $(LIBSEMANAGE) \
++ $(LIBCRACK) \
+ $(LIBCRYPT_NOPAM) \
+ $(LIBSKEY) \
+ $(LIBMD) \
diff --git a/sys-apps/shadow/shadow-4.9-r1.ebuild b/sys-apps/shadow/shadow-4.9-r1.ebuild
index 4e3c4cc53a2..545c8cb652b 100644
--- a/sys-apps/shadow/shadow-4.9-r1.ebuild
+++ b/sys-apps/shadow/shadow-4.9-r1.ebuild
@@ -56,6 +56,7 @@ PATCHES=(
"${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
"${FILESDIR}/${P}-libsubid_pam_linking.patch"
"${FILESDIR}/${P}-libsubid_oot_build.patch"
+ "${FILESDIR}/shadow-4.9-libcrack.patch"
)
src_prepare() {
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2021-11-14 9:26 Sam James
0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2021-11-14 9:26 UTC (permalink / raw
To: gentoo-commits
commit: a2d21bec1e6e7b22806c3ff047c4626b8b72a1ff
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 09:26:29 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 09:26:29 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2d21bec
sys-apps/shadow: backport upstream patch for crash
Also throw in a configure typo patch, given we're calling eautoreconf anyway.
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../shadow/files/shadow-4.9-configure-typo.patch | 19 ++
.../files/shadow-4.9-gpasswd-double-free.patch | 35 +++
sys-apps/shadow/shadow-4.9-r4.ebuild | 251 +++++++++++++++++++++
3 files changed, 305 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.9-configure-typo.patch b/sys-apps/shadow/files/shadow-4.9-configure-typo.patch
new file mode 100644
index 000000000000..1a6db304a013
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.9-configure-typo.patch
@@ -0,0 +1,19 @@
+https://github.com/shadow-maint/shadow/commit/049f9a7f6b320c728a6274299041e360381d7cd5
+
+From 049f9a7f6b320c728a6274299041e360381d7cd5 Mon Sep 17 00:00:00 2001
+From: Andy Zaugg <andy.zaugg@gmail.com>
+Date: Tue, 21 Sep 2021 21:51:10 -0700
+Subject: [PATCH] Fix parentheses in configure.ac
+
+Resolving issue https://github.com/shadow-maint/shadow/issues/419
+--- a/configure.ac
++++ b/configure.ac
+@@ -345,7 +345,7 @@ if test "$with_sssd" = "yes"; then
+ [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
+ fi
+
+-AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
++AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
+ AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
+
+ dnl Check for some functions in libc first, only if not found check for
diff --git a/sys-apps/shadow/files/shadow-4.9-gpasswd-double-free.patch b/sys-apps/shadow/files/shadow-4.9-gpasswd-double-free.patch
new file mode 100644
index 000000000000..d7102ce03c32
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.9-gpasswd-double-free.patch
@@ -0,0 +1,35 @@
+https://github.com/shadow-maint/shadow/commit/117bc66c6f95fa85ca75ecfdb8fbd3615deca0b6
+
+From 117bc66c6f95fa85ca75ecfdb8fbd3615deca0b6 Mon Sep 17 00:00:00 2001
+From: Michael Vetter <jubalh@iodoru.org>
+Date: Mon, 20 Sep 2021 11:04:50 +0200
+Subject: [PATCH] Only free sgent if it was initialized
+
+`sgent` is only initialized in `get_group()` if `is_shadowgrp` is true.
+So we should also only attempt to free it if this is actually the case.
+
+Can otherwise lead to:
+```
+free() double free detected in tcache 2 (gpasswd)
+```
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -1207,11 +1207,13 @@ int main (int argc, char **argv)
+ sssd_flush_cache (SSSD_DB_GROUP);
+
+ #ifdef SHADOWGRP
+- if (sgent.sg_adm) {
+- xfree(sgent.sg_adm);
+- }
+- if (sgent.sg_mem) {
+- xfree(sgent.sg_mem);
++ if (is_shadowgrp) {
++ if (sgent.sg_adm) {
++ xfree(sgent.sg_adm);
++ }
++ if (sgent.sg_mem) {
++ xfree(sgent.sg_mem);
++ }
+ }
+ #endif
+ if (grent.gr_mem) {
diff --git a/sys-apps/shadow/shadow-4.9-r4.ebuild b/sys-apps/shadow/shadow-4.9-r4.ebuild
new file mode 100644
index 000000000000..044718eed4c1
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.9-r4.ebuild
@@ -0,0 +1,251 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+
+REQUIRED_USE="?? ( cracklib pam )"
+
+BDEPEND="
+ app-arch/xz-utils
+ sys-devel/gettext
+"
+COMMON_DEPEND="
+ virtual/libcrypt:=
+ acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ nls? ( virtual/libintl )
+ pam? ( sys-libs/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ xattr? ( sys-apps/attr:0= )
+"
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-4.14
+"
+RDEPEND="${COMMON_DEPEND}
+ !<sys-apps/man-pages-5.11-r1
+ !=sys-apps/man-pages-5.12-r0
+ !=sys-apps/man-pages-5.12-r1
+ nls? (
+ !<app-i18n/man-pages-it-5.06-r1
+ !<app-i18n/man-pages-ja-20180315-r1
+ !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
+ )
+ pam? ( >=sys-auth/pambase-20150213 )
+ su? ( !sys-apps/util-linux[su(-)] )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
+ "${FILESDIR}/${P}-libsubid_pam_linking.patch"
+ "${FILESDIR}/${P}-libsubid_oot_build.patch"
+ "${FILESDIR}/shadow-4.9-libcrack.patch"
+ "${FILESDIR}/shadow-4.9-SHA-rounds.patch"
+ "${FILESDIR}/${P}-gpasswd-double-free.patch"
+ "${FILESDIR}/${P}-configure-typo.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+ #elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-account-tools-setuid
+ --with-btrfs
+ --without-group-name-max-length
+ --without-tcb
+ $(use_enable nls)
+ $(use_with acl)
+ $(use_with audit)
+ $(use_with bcrypt)
+ $(use_with cracklib libcrack)
+ $(use_with elibc_glibc nscd)
+ $(use_with pam libpam)
+ $(use_with selinux)
+ $(use_with skey)
+ $(use_with su)
+ $(use_with xattr attr)
+ )
+ econf "${myeconfargs[@]}"
+
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=${1} val=${2}
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
+ emake DESTDIR="${D}" -C man install
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ if use split-usr ; then
+ # move passwd to / to help recover broke systems #64441
+ # We cannot simply remove this or else net-misc/scponly
+ # and other tools will break because of hardcoded passwd
+ # location
+ dodir /bin
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym ../../bin/passwd /usr/bin/passwd
+ fi
+
+ cd "${S}" || die
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chsh shfn ; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chpasswd newusers ; do
+ newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
+ done
+
+ newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man -type f \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd} || die
+ if use su ; then
+ rm "${ED}"/etc/pam.d/su || die
+ fi
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man -type f \
+ '(' -name id.1 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}" || die
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc || die
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ [[ ! -f "${EROOT}"/etc/subgid ]] &&
+ touch "${EROOT}"/etc/subgid
+ [[ ! -f "${EROOT}"/etc/subuid ]] &&
+ touch "${EROOT}"/etc/subuid
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2022-04-17 17:06 Sam James
0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2022-04-17 17:06 UTC (permalink / raw
To: gentoo-commits
commit: 427d452b3e4335a3b7f1e2af8db4d427431765a6
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 17 17:02:33 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Apr 17 17:06:04 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=427d452b
sys-apps/shadow: drop 4.8.1-r4, 4.9-r3, 4.9-r4, 4.10-r4
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/shadow/Manifest | 3 -
.../shadow/files/shadow-4.10-libsubid-soname.patch | 38 ---
sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch | 57 -----
.../shadow/files/shadow-4.9-configure-typo.patch | 19 --
.../files/shadow-4.9-gpasswd-double-free.patch | 35 ---
sys-apps/shadow/files/shadow-4.9-libcrack.patch | 27 ---
.../files/shadow-4.9-libsubid_oot_build.patch | 109 ---------
.../files/shadow-4.9-libsubid_pam_linking.patch | 28 ---
sys-apps/shadow/shadow-4.10-r4.ebuild | 257 ---------------------
sys-apps/shadow/shadow-4.8.1-r4.ebuild | 247 --------------------
sys-apps/shadow/shadow-4.9-r3.ebuild | 247 --------------------
sys-apps/shadow/shadow-4.9-r4.ebuild | 249 --------------------
12 files changed, 1316 deletions(-)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 1256ca7babdb..d6747cbe3bf3 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,4 +1 @@
-DIST shadow-4.10.tar.xz 1662364 BLAKE2B 80b5f0f6b8fbb3e2ca134e14e93a3f67e5baa34d793ace5b90690676634f4cc72dfb4b3d50dbd7626c1a144898c1c943f8acbc8121903f17519c981986c284ae SHA512 39ffc1863d1f84aa39a2983c08e5adb93642b09e3e5e65c1c4e8a342207a79201b199e518e3701726014c7cb736977ef275d2dc1c659b5776183ae73978357da
DIST shadow-4.11.1.tar.xz 1656584 BLAKE2B d459a1e0ffb342b6b455caf65e6af60b32eee72d4a9b1ab126485fb4632503a42061d3f0b960554c8155af6dc0564c585335b27aecca6538b394a0d58d927588 SHA512 12fbe4d6ac929ad3c21525ed0f1026b5b678ccec9762f2ec7e611d9c180934def506325f2835fb750dd30af035b592f827ff151cd6e4c805aaaf8e01425c279f
-DIST shadow-4.8.1.tar.xz 1611196 BLAKE2B 952707cdd55dc6c00dcbc60dbc3bf84ac618dbe916b36d993802b3ce42594de332a9bc22933a28881af3d317a340eab017ada55511b4e4fbc3ca6b422c4bc254 SHA512 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b
-DIST shadow-4.9.tar.xz 1627008 BLAKE2B 7a9a6a489115c7a20520cfec61f008fc0f70f7f50aaf539e94dfdcb20035d2de88ab3198e76812a4e3eb944b92c76c0ca2e85e35f4342537711c2c033248a72b SHA512 254cda49bb14505a7604821e7fa898bf4bf317d648e9ddc881ab80a6860d52053dfffacad6feab87c7d16608c35ed6b6cee99e7757eac930da3a7b31cdcd4b95
diff --git a/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch b/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
deleted file mode 100644
index e2f8ddf466d9..000000000000
--- a/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://github.com/shadow-maint/shadow/pull/463
-
-From: Sam James <sam@gentoo.org>
-Date: Mon, 20 Dec 2021 01:37:23 +0000
-Subject: [PATCH] libsubid: fix defining SONAME version
-
-We were overriding this when --enable-shared was passed. We can actually
-just dump the conditional logic as libtool will do the right thing for
-us here anyway.
-
-Without this patch, libsubid is installed as .0.
-
-Signed-off-by: Sam James <sam@gentoo.org>
---- a/configure.ac
-+++ b/configure.ac
-@@ -321,8 +321,6 @@ if test "$with_sha_crypt" = "yes"; then
- AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
- fi
-
--AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
--
- AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
- if test "$with_bcrypt" = "yes"; then
- AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
---- a/libsubid/Makefile.am
-+++ b/libsubid/Makefile.am
-@@ -1,10 +1,6 @@
- lib_LTLIBRARIES = libsubid.la
--if ENABLE_SHARED
--libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
-- -shared -version-info @LIBSUBID_ABI_MAJOR@
--endif
- libsubid_la_SOURCES = api.c
--libsubid_la_LDFLAGS = -export-symbols-regex '^subid_'
-+libsubid_la_LDFLAGS = -version-info @LIBSUBID_ABI_MAJOR@ -export-symbols-regex '^subid_'
-
- pkginclude_HEADERS = subid.h
-
diff --git a/sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch b/sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch
deleted file mode 100644
index 05be7adc1b19..000000000000
--- a/sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sat, 14 Aug 2021 13:24:34 -0400
-Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
-
-If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
-use SHA_ROUNDS_DEFAULT.
-
-Previously, the code fell through, calling shadow_random(-1, -1). This
-ultimately set rounds = (unsigned long) -1, which ends up being a very
-large number! This then got capped to SHA_ROUNDS_MAX later in the
-function.
-
-The new behavior matches BCRYPT_get_salt_rounds().
-
-Bug: https://bugs.gentoo.org/808195
-Fixes: https://github.com/shadow-maint/shadow/issues/393
----
- libmisc/salt.c | 21 +++++++++++----------
- 1 file changed, 11 insertions(+), 10 deletions(-)
-
-diff --git a/libmisc/salt.c b/libmisc/salt.c
-index 91d528fd..30eefb9c 100644
---- a/libmisc/salt.c
-+++ b/libmisc/salt.c
-@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
- if ((-1 == min_rounds) && (-1 == max_rounds)) {
- rounds = SHA_ROUNDS_DEFAULT;
- }
-+ else {
-+ if (-1 == min_rounds) {
-+ min_rounds = max_rounds;
-+ }
-
-- if (-1 == min_rounds) {
-- min_rounds = max_rounds;
-- }
-+ if (-1 == max_rounds) {
-+ max_rounds = min_rounds;
-+ }
-
-- if (-1 == max_rounds) {
-- max_rounds = min_rounds;
-- }
-+ if (min_rounds > max_rounds) {
-+ max_rounds = min_rounds;
-+ }
-
-- if (min_rounds > max_rounds) {
-- max_rounds = min_rounds;
-+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
- }
--
-- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
- } else if (0 == *prefered_rounds) {
- rounds = SHA_ROUNDS_DEFAULT;
- } else {
diff --git a/sys-apps/shadow/files/shadow-4.9-configure-typo.patch b/sys-apps/shadow/files/shadow-4.9-configure-typo.patch
deleted file mode 100644
index 1a6db304a013..000000000000
--- a/sys-apps/shadow/files/shadow-4.9-configure-typo.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-https://github.com/shadow-maint/shadow/commit/049f9a7f6b320c728a6274299041e360381d7cd5
-
-From 049f9a7f6b320c728a6274299041e360381d7cd5 Mon Sep 17 00:00:00 2001
-From: Andy Zaugg <andy.zaugg@gmail.com>
-Date: Tue, 21 Sep 2021 21:51:10 -0700
-Subject: [PATCH] Fix parentheses in configure.ac
-
-Resolving issue https://github.com/shadow-maint/shadow/issues/419
---- a/configure.ac
-+++ b/configure.ac
-@@ -345,7 +345,7 @@ if test "$with_sssd" = "yes"; then
- [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
- fi
-
--AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
-+AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
- AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
-
- dnl Check for some functions in libc first, only if not found check for
diff --git a/sys-apps/shadow/files/shadow-4.9-gpasswd-double-free.patch b/sys-apps/shadow/files/shadow-4.9-gpasswd-double-free.patch
deleted file mode 100644
index d7102ce03c32..000000000000
--- a/sys-apps/shadow/files/shadow-4.9-gpasswd-double-free.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://github.com/shadow-maint/shadow/commit/117bc66c6f95fa85ca75ecfdb8fbd3615deca0b6
-
-From 117bc66c6f95fa85ca75ecfdb8fbd3615deca0b6 Mon Sep 17 00:00:00 2001
-From: Michael Vetter <jubalh@iodoru.org>
-Date: Mon, 20 Sep 2021 11:04:50 +0200
-Subject: [PATCH] Only free sgent if it was initialized
-
-`sgent` is only initialized in `get_group()` if `is_shadowgrp` is true.
-So we should also only attempt to free it if this is actually the case.
-
-Can otherwise lead to:
-```
-free() double free detected in tcache 2 (gpasswd)
-```
---- a/src/gpasswd.c
-+++ b/src/gpasswd.c
-@@ -1207,11 +1207,13 @@ int main (int argc, char **argv)
- sssd_flush_cache (SSSD_DB_GROUP);
-
- #ifdef SHADOWGRP
-- if (sgent.sg_adm) {
-- xfree(sgent.sg_adm);
-- }
-- if (sgent.sg_mem) {
-- xfree(sgent.sg_mem);
-+ if (is_shadowgrp) {
-+ if (sgent.sg_adm) {
-+ xfree(sgent.sg_adm);
-+ }
-+ if (sgent.sg_mem) {
-+ xfree(sgent.sg_mem);
-+ }
- }
- #endif
- if (grent.gr_mem) {
diff --git a/sys-apps/shadow/files/shadow-4.9-libcrack.patch b/sys-apps/shadow/files/shadow-4.9-libcrack.patch
deleted file mode 100644
index 5c954feac1ae..000000000000
--- a/sys-apps/shadow/files/shadow-4.9-libcrack.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 6becc82e262205f8a23bf9fe1127af57286826ee Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Mon, 2 Aug 2021 11:51:44 -0400
-Subject: [PATCH] libsubid: fix build with libcrack
-
-Fixes a link failure:
-
- ../libsubid/.libs/libsubid.so: undefined reference to `FascistCheck'
-
-Bug: https://bugs.gentoo.org/806124
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- libsubid/Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
-index 8bba02ab..bfc982ef 100644
---- a/libsubid/Makefile.am
-+++ b/libsubid/Makefile.am
-@@ -11,6 +11,7 @@ MISCLIBS = \
- $(LIBAUDIT) \
- $(LIBSELINUX) \
- $(LIBSEMANAGE) \
-+ $(LIBCRACK) \
- $(LIBCRYPT_NOPAM) \
- $(LIBSKEY) \
- $(LIBMD) \
diff --git a/sys-apps/shadow/files/shadow-4.9-libsubid_oot_build.patch b/sys-apps/shadow/files/shadow-4.9-libsubid_oot_build.patch
deleted file mode 100644
index 6609ccd6d3a5..000000000000
--- a/sys-apps/shadow/files/shadow-4.9-libsubid_oot_build.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge@hallyn.com>
-Date: Fri, 23 Jul 2021 17:51:13 -0500
-Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
-
-There's a better way to do this, and I hope to clean that up,
-but this fixes out of tree builds for me right now.
-
-Closes #386
-
-Signed-off-by: Serge Hallyn <serge@hallyn.com>
----
- lib/Makefile.am | 2 ++
- libmisc/Makefile.am | 2 +-
- libsubid/Makefile.am | 4 ++--
- src/Makefile.am | 6 ++++++
- 4 files changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/lib/Makefile.am b/lib/Makefile.am
-index ecf3ee25..5ac2e111 100644
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
- libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
- endif
-
-+libshadow_la_CPPFLAGS += -I$(top_srcdir)
-+
- libshadow_la_SOURCES = \
- commonio.c \
- commonio.h \
-diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
-index 9766a7ec..9f237e0d 100644
---- a/libmisc/Makefile.am
-+++ b/libmisc/Makefile.am
-@@ -1,7 +1,7 @@
-
- EXTRA_DIST = .indent.pro xgetXXbyYY.c
-
--AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
-+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
-
- noinst_LTLIBRARIES = libmisc.la
-
-diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
-index 83051560..99308c1f 100644
---- a/libsubid/Makefile.am
-+++ b/libsubid/Makefile.am
-@@ -20,8 +20,8 @@ MISCLIBS = \
- $(LIBPAM)
-
- libsubid_la_LIBADD = \
-- $(top_srcdir)/lib/libshadow.la \
-- $(top_srcdir)/libmisc/libmisc.la \
-+ $(top_builddir)/lib/libshadow.la \
-+ $(top_builddir)/libmisc/libmisc.la \
- $(MISCLIBS) -ldl
-
- AM_CPPFLAGS = \
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 35027013..7c1a3491 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -10,6 +10,7 @@ sgidperms = 2755
- AM_CPPFLAGS = \
- -I${top_srcdir}/lib \
- -I$(top_srcdir)/libmisc \
-+ -I$(top_srcdir) \
- -DLOCALEDIR=\"$(datadir)/locale\"
-
- # XXX why are login and su in /bin anyway (other than for
-@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
- list_subid_ranges_CPPFLAGS = \
- -I$(top_srcdir)/lib \
- -I$(top_srcdir)/libmisc \
-+ -I$(top_srcdir) \
- -I$(top_srcdir)/libsubid
-
- get_subid_owners_LDADD = \
-@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
- get_subid_owners_CPPFLAGS = \
- -I$(top_srcdir)/lib \
- -I$(top_srcdir)/libmisc \
-+ -I$(top_srcdir) \
- -I$(top_srcdir)/libsubid
-
- new_subid_range_CPPFLAGS = \
- -I$(top_srcdir)/lib \
- -I$(top_srcdir)/libmisc \
-+ -I$(top_srcdir) \
- -I$(top_srcdir)/libsubid
-
- new_subid_range_LDADD = \
-@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
- free_subid_range_CPPFLAGS = \
- -I$(top_srcdir)/lib \
- -I$(top_srcdir)/libmisc \
-+ -I$(top_srcdir) \
- -I$(top_srcdir)/libsubid
-
- free_subid_range_LDADD = \
-@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
-
- check_subid_range_CPPFLAGS = \
- -I$(top_srcdir)/lib \
-+ -I$(top_srcdir) \
- -I$(top_srcdir)/libmisc
-
- check_subid_range_LDADD = \
diff --git a/sys-apps/shadow/files/shadow-4.9-libsubid_pam_linking.patch b/sys-apps/shadow/files/shadow-4.9-libsubid_pam_linking.patch
deleted file mode 100644
index 7fb03f6ff429..000000000000
--- a/sys-apps/shadow/files/shadow-4.9-libsubid_pam_linking.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From f4a84efb468b8be21be124700ce35159c444e9d6 Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@mengyan1223.wang>
-Date: Fri, 23 Jul 2021 14:38:08 +0800
-Subject: [PATCH] libsubid: link to PAM libraries
-
-libsubid.so links to libmisc.a, which contains several routines referring to
-PAM functions.
----
- libsubid/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
-index 189165b0..83051560 100644
---- a/libsubid/Makefile.am
-+++ b/libsubid/Makefile.am
-@@ -16,7 +16,8 @@ MISCLIBS = \
- $(LIBCRYPT) \
- $(LIBACL) \
- $(LIBATTR) \
-- $(LIBTCB)
-+ $(LIBTCB) \
-+ $(LIBPAM)
-
- libsubid_la_LIBADD = \
- $(top_srcdir)/lib/libshadow.la \
---
-2.32.0
-
diff --git a/sys-apps/shadow/shadow-4.10-r4.ebuild b/sys-apps/shadow/shadow-4.10-r4.ebuild
deleted file mode 100644
index af2ce039df60..000000000000
--- a/sys-apps/shadow/shadow-4.10-r4.ebuild
+++ /dev/null
@@ -1,257 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz"
-
-LICENSE="BSD GPL-2"
-# Subslot is for libsubid's SONAME.
-SLOT="0/4"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-REQUIRED_USE="?? ( cracklib pam )"
-
-BDEPEND="
- app-arch/xz-utils
- sys-devel/gettext
-"
-COMMON_DEPEND="
- virtual/libcrypt:=
- acl? ( sys-apps/acl:0= )
- audit? ( >=sys-process/audit-2.6:0= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
- nls? ( virtual/libintl )
- pam? ( sys-libs/pam:0= )
- skey? ( sys-auth/skey:0= )
- selinux? (
- >=sys-libs/libselinux-1.28:0=
- sys-libs/libsemanage:0=
- )
- xattr? ( sys-apps/attr:0= )
-"
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-4.14
-"
-RDEPEND="${COMMON_DEPEND}
- !<sys-apps/man-pages-5.11-r1
- !=sys-apps/man-pages-5.12-r0
- !=sys-apps/man-pages-5.12-r1
- nls? (
- !<app-i18n/man-pages-it-5.06-r1
- !<app-i18n/man-pages-ja-20180315-r1
- !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
- )
- pam? ( >=sys-auth/pambase-20150213 )
- su? ( !sys-apps/util-linux[su(-)] )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
- "${FILESDIR}/${PN}-4.10-libsubid-soname.patch"
-)
-
-src_prepare() {
- default
-
- eautoreconf
- #elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --disable-account-tools-setuid
- --disable-static
- --with-btrfs
- --without-group-name-max-length
- --without-tcb
- $(use_enable nls)
- $(use_with acl)
- $(use_with audit)
- $(use_with bcrypt)
- $(use_with cracklib libcrack)
- $(use_with elibc_glibc nscd)
- $(use_with pam libpam)
- $(use_with selinux)
- $(use_with skey)
- $(use_with su)
- $(use_with xattr attr)
- )
- econf "${myeconfargs[@]}"
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=${1} val=${2}
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
- emake DESTDIR="${D}" -C man install
-
- find "${ED}" -name '*.la' -type f -delete || die
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- # We cannot simply remove this or else net-misc/scponly
- # and other tools will break because of hardcoded passwd
- # location
- dodir /bin
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chsh shfn ; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chpasswd newusers ; do
- newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
- done
-
- newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man -type f \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd} || die
- if use su ; then
- rm "${ED}"/etc/pam.d/su || die
- fi
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man -type f \
- '(' -name id.1 -o -name getspnam.3 ')' \
- -delete || die
-
- if ! use su ; then
- find "${ED}"/usr/share/man -type f -name su.1 -delete || die
- fi
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Missing entries from /etc/passwd can cause odd system blips.
- # See bug #829872.
- if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then
- ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors."
- fi
-
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then
- grpconv -R "${EROOT:-/}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- [[ ! -f "${EROOT}"/etc/subgid ]] &&
- touch "${EROOT}"/etc/subgid
- [[ ! -f "${EROOT}"/etc/subuid ]] &&
- touch "${EROOT}"/etc/subuid
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
diff --git a/sys-apps/shadow/shadow-4.8.1-r4.ebuild b/sys-apps/shadow/shadow-4.8.1-r4.ebuild
deleted file mode 100644
index 8471d2236d9d..000000000000
--- a/sys-apps/shadow/shadow-4.8.1-r4.ebuild
+++ /dev/null
@@ -1,247 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-REQUIRED_USE="?? ( cracklib pam )"
-
-BDEPEND="
- app-arch/xz-utils
- sys-devel/gettext
-"
-COMMON_DEPEND="
- virtual/libcrypt:=
- acl? ( sys-apps/acl:0= )
- audit? ( >=sys-process/audit-2.6:0= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
- nls? ( virtual/libintl )
- pam? ( sys-libs/pam:0= )
- skey? ( sys-auth/skey:0= )
- selinux? (
- >=sys-libs/libselinux-1.28:0=
- sys-libs/libsemanage:0=
- )
- xattr? ( sys-apps/attr:0= )
-"
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-4.14
-"
-RDEPEND="${COMMON_DEPEND}
- !<sys-apps/man-pages-5.11-r1
- !=sys-apps/man-pages-5.12-r0
- !=sys-apps/man-pages-5.12-r1
- nls? (
- !<app-i18n/man-pages-it-5.06-r1
- !<app-i18n/man-pages-ja-20180315-r1
- !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
- )
- pam? ( >=sys-auth/pambase-20150213 )
- su? ( !sys-apps/util-linux[su(-)] )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
-)
-
-src_prepare() {
- default
- eautoreconf
- #elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --disable-account-tools-setuid
- --enable-shared=no
- --enable-static=yes
- --with-btrfs
- --without-group-name-max-length
- --without-tcb
- $(use_enable nls)
- $(use_with acl)
- $(use_with audit)
- $(use_with bcrypt)
- $(use_with cracklib libcrack)
- $(use_with elibc_glibc nscd)
- $(use_with pam libpam)
- $(use_with selinux)
- $(use_with skey)
- $(use_with su)
- $(use_with xattr attr)
- )
- econf "${myeconfargs[@]}"
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=${1} val=${2}
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # Remove libshadow and libmisc; see bug 37725 and the following
- # comment from shadow's README.linux:
- # Currently, libshadow.a is for internal use only, so if you see
- # -lshadow in a Makefile of some other package, it is safe to
- # remove it.
- rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- # We cannot simply remove this or else net-misc/scponly
- # and other tools will break because of hardcoded passwd
- # location
- dodir /bin
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chsh shfn ; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chpasswd newusers ; do
- newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
- done
-
- newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man -type f \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd} || die
- if use su ; then
- rm "${ED}"/etc/pam.d/su || die
- fi
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man -type f \
- '(' -name id.1 -o -name getspnam.3 ')' \
- -delete
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT}" 2>/dev/null ; then
- grpconv -R "${EROOT}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- [[ ! -f "${EROOT}"/etc/subgid ]] &&
- touch "${EROOT}"/etc/subgid
- [[ ! -f "${EROOT}"/etc/subuid ]] &&
- touch "${EROOT}"/etc/subuid
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
diff --git a/sys-apps/shadow/shadow-4.9-r3.ebuild b/sys-apps/shadow/shadow-4.9-r3.ebuild
deleted file mode 100644
index 6d6e13ab4822..000000000000
--- a/sys-apps/shadow/shadow-4.9-r3.ebuild
+++ /dev/null
@@ -1,247 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-REQUIRED_USE="?? ( cracklib pam )"
-
-BDEPEND="
- app-arch/xz-utils
- sys-devel/gettext
-"
-COMMON_DEPEND="
- virtual/libcrypt:=
- acl? ( sys-apps/acl:0= )
- audit? ( >=sys-process/audit-2.6:0= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
- nls? ( virtual/libintl )
- pam? ( sys-libs/pam:0= )
- skey? ( sys-auth/skey:0= )
- selinux? (
- >=sys-libs/libselinux-1.28:0=
- sys-libs/libsemanage:0=
- )
- xattr? ( sys-apps/attr:0= )
-"
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-4.14
-"
-RDEPEND="${COMMON_DEPEND}
- !<sys-apps/man-pages-5.11-r1
- !=sys-apps/man-pages-5.12-r0
- !=sys-apps/man-pages-5.12-r1
- nls? (
- !<app-i18n/man-pages-it-5.06-r1
- !<app-i18n/man-pages-ja-20180315-r1
- !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
- )
- pam? ( >=sys-auth/pambase-20150213 )
- su? ( !sys-apps/util-linux[su(-)] )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
- "${FILESDIR}/${P}-libsubid_pam_linking.patch"
- "${FILESDIR}/${P}-libsubid_oot_build.patch"
- "${FILESDIR}/shadow-4.9-libcrack.patch"
- "${FILESDIR}/shadow-4.9-SHA-rounds.patch"
-)
-
-src_prepare() {
- default
- eautoreconf
- #elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --disable-account-tools-setuid
- --with-btrfs
- --without-group-name-max-length
- --without-tcb
- $(use_enable nls)
- $(use_with acl)
- $(use_with audit)
- $(use_with bcrypt)
- $(use_with cracklib libcrack)
- $(use_with elibc_glibc nscd)
- $(use_with pam libpam)
- $(use_with selinux)
- $(use_with skey)
- $(use_with su)
- $(use_with xattr attr)
- )
- econf "${myeconfargs[@]}"
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=${1} val=${2}
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
- emake DESTDIR="${D}" -C man install
-
- find "${ED}" -name '*.la' -type f -delete || die
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- # We cannot simply remove this or else net-misc/scponly
- # and other tools will break because of hardcoded passwd
- # location
- dodir /bin
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chsh shfn ; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chpasswd newusers ; do
- newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
- done
-
- newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man -type f \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd} || die
- if use su ; then
- rm "${ED}"/etc/pam.d/su || die
- fi
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man -type f \
- '(' -name id.1 -o -name getspnam.3 ')' \
- -delete
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT}" 2>/dev/null ; then
- grpconv -R "${EROOT}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- [[ ! -f "${EROOT}"/etc/subgid ]] &&
- touch "${EROOT}"/etc/subgid
- [[ ! -f "${EROOT}"/etc/subuid ]] &&
- touch "${EROOT}"/etc/subuid
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
diff --git a/sys-apps/shadow/shadow-4.9-r4.ebuild b/sys-apps/shadow/shadow-4.9-r4.ebuild
deleted file mode 100644
index b155bff5396e..000000000000
--- a/sys-apps/shadow/shadow-4.9-r4.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-REQUIRED_USE="?? ( cracklib pam )"
-
-BDEPEND="
- app-arch/xz-utils
- sys-devel/gettext
-"
-COMMON_DEPEND="
- virtual/libcrypt:=
- acl? ( sys-apps/acl:0= )
- audit? ( >=sys-process/audit-2.6:0= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
- nls? ( virtual/libintl )
- pam? ( sys-libs/pam:0= )
- skey? ( sys-auth/skey:0= )
- selinux? (
- >=sys-libs/libselinux-1.28:0=
- sys-libs/libsemanage:0=
- )
- xattr? ( sys-apps/attr:0= )
-"
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-4.14
-"
-RDEPEND="${COMMON_DEPEND}
- !<sys-apps/man-pages-5.11-r1
- !=sys-apps/man-pages-5.12-r0
- !=sys-apps/man-pages-5.12-r1
- nls? (
- !<app-i18n/man-pages-it-5.06-r1
- !<app-i18n/man-pages-ja-20180315-r1
- !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
- )
- pam? ( >=sys-auth/pambase-20150213 )
- su? ( !sys-apps/util-linux[su(-)] )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
- "${FILESDIR}/${P}-libsubid_pam_linking.patch"
- "${FILESDIR}/${P}-libsubid_oot_build.patch"
- "${FILESDIR}/shadow-4.9-libcrack.patch"
- "${FILESDIR}/shadow-4.9-SHA-rounds.patch"
- "${FILESDIR}/${P}-gpasswd-double-free.patch"
- "${FILESDIR}/${P}-configure-typo.patch"
-)
-
-src_prepare() {
- default
- eautoreconf
- #elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --disable-account-tools-setuid
- --with-btrfs
- --without-group-name-max-length
- --without-tcb
- $(use_enable nls)
- $(use_with acl)
- $(use_with audit)
- $(use_with bcrypt)
- $(use_with cracklib libcrack)
- $(use_with elibc_glibc nscd)
- $(use_with pam libpam)
- $(use_with selinux)
- $(use_with skey)
- $(use_with su)
- $(use_with xattr attr)
- )
- econf "${myeconfargs[@]}"
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=${1} val=${2}
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
- emake DESTDIR="${D}" -C man install
-
- find "${ED}" -name '*.la' -type f -delete || die
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- # We cannot simply remove this or else net-misc/scponly
- # and other tools will break because of hardcoded passwd
- # location
- dodir /bin
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chsh shfn ; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chpasswd newusers ; do
- newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
- done
-
- newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man -type f \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd} || die
- if use su ; then
- rm "${ED}"/etc/pam.d/su || die
- fi
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man -type f \
- '(' -name id.1 -o -name getspnam.3 ')' \
- -delete
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT}" 2>/dev/null ; then
- grpconv -R "${EROOT}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- [[ ! -f "${EROOT}"/etc/subgid ]] &&
- touch "${EROOT}"/etc/subgid
- [[ ! -f "${EROOT}"/etc/subuid ]] &&
- touch "${EROOT}"/etc/subuid
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2022-11-22 20:16 Sam James
0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2022-11-22 20:16 UTC (permalink / raw
To: gentoo-commits
commit: b12b10ffe10e090a9c84145095703ed565dff05b
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 22 19:20:37 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov 22 20:10:50 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b12b10ff
sys-apps/shadow: fix configure w/ clang 16
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/shadow-4.13-configure-clang16.patch | 38 ++++++++++++++++++++++
.../{shadow-4.13.ebuild => shadow-4.13-r1.ebuild} | 4 +++
2 files changed, 42 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch b/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch
new file mode 100644
index 000000000000..4e703db93a6c
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch
@@ -0,0 +1,38 @@
+https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef
+https://github.com/shadow-maint/shadow/pull/595
+
+From a281f241b592aec636d1b93a99e764499d68c7ef Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Nov 2022 11:52:45 +0100
+Subject: [PATCH] Fix HAVE_SHADOWGRP configure check
+
+The missing #include <gshadow.h> causes the configure check to fail
+spuriously, resulting in HAVE_SHADOWGRP not being defined even
+on systems that actually have sgetsgent (such as current glibc).
+--- a/configure.ac
++++ b/configure.ac
+@@ -116,6 +116,10 @@ if test "$ac_cv_header_shadow_h" = "yes"; then
+ ac_cv_libc_shadowgrp,
+ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <shadow.h>
++ #ifdef HAVE_GSHADOW_H
++ #include <gshadow.h>
++ #endif
++ int
+ main()
+ {
+ struct sgrp *sg = sgetsgent("test:x::");
+
+--- a/configure
++++ b/configure
+@@ -15684,6 +15684,10 @@ else $as_nop
+ /* end confdefs.h. */
+
+ #include <shadow.h>
++ #ifdef HAVE_GSHADOW_H
++ #include <gshadow.h>
++ #endif
++ int
+ main()
+ {
+ struct sgrp *sg = sgetsgent("test:x::");
diff --git a/sys-apps/shadow/shadow-4.13.ebuild b/sys-apps/shadow/shadow-4.13-r1.ebuild
similarity index 99%
rename from sys-apps/shadow/shadow-4.13.ebuild
rename to sys-apps/shadow/shadow-4.13-r1.ebuild
index 49415126ddb3..16d90343c084 100644
--- a/sys-apps/shadow/shadow-4.13.ebuild
+++ b/sys-apps/shadow/shadow-4.13-r1.ebuild
@@ -60,6 +60,10 @@ BDEPEND="
verify-sig? ( sec-keys/openpgp-keys-sergehallyn )
"
+PATCHES=(
+ "${FILESDIR}"/${P}-configure-clang16.patch
+)
+
src_prepare() {
default
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/
@ 2024-05-28 1:59 Sam James
0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2024-05-28 1:59 UTC (permalink / raw
To: gentoo-commits
commit: c356f80263dd19e9bbe3379ee96afa8b0f8cc7e6
Author: Christopher Bayliss <cjbdev <AT> icloud <DOT> com>
AuthorDate: Fri May 24 00:55:35 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 28 01:52:34 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c356f802
sys-apps/shadow: drop 4.13-r4
Signed-off-by: Christopher Bayliss <cjbdev <AT> icloud.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/shadow/Manifest | 2 -
.../shadow/files/shadow-4.13-CVE-2023-29383.patch | 100 --------
.../files/shadow-4.13-configure-clang16.patch | 38 ---
.../shadow/files/shadow-4.13-password-leak.patch | 135 ----------
.../files/shadow-4.13-usermod-prefix-gid.patch | 33 ---
sys-apps/shadow/shadow-4.13-r4.ebuild | 272 ---------------------
6 files changed, 580 deletions(-)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 072a4174ec3d..bfea88df0e8c 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,5 +1,3 @@
-DIST shadow-4.13.tar.xz 1762908 BLAKE2B 315ab8a7e598aeefb50c11293e20cfa0982c3c3ae21c35ae243d09a4facf97a13c1d672990876e74ef94f5284402acf14997663743e2aaefa6cfc4369b7d24dc SHA512 2949a728c3312bef13d23138d6b79caf402781b1cb179e33b5be546c1790971ec20778d0e9cd3dbe09691d928ffcbe88e60da42fab58c69a90d5ebe5e3e2ab8e
-DIST shadow-4.13.tar.xz.asc 488 BLAKE2B de1f8285c5713a772343a2a7c638d1d13429dd4fa867d4f91d4922aa0d083b4a3110d38e8a8ab82137fdf4fecb12ba3677f3fb235401fc6438ae663fbd9bfbd2 SHA512 f8549c4e699c65721d53946d61b6127712572f7ad9ee13018ef3a25307002992aa727471c948d1bb22dcddf112715bed387d28f436123f30e153ae6bc0cd3648
DIST shadow-4.14.2.tar.xz 1799548 BLAKE2B 419f0a516753616ef691f71ec9002eef6fd7568c013ac71900d7481eff1bd9165c69d9587b7ca25800543a2eac58cfb7ce4224063e8af7b278f589640485c28f SHA512 b417dbe0fbbeced1022e64efe9dcd8b41d14779c45163e6de63891ac63f837d43f3e559f99f884099aa45282299ceb4dcb9fd29d21c9925687ff8462fe6ead2f
DIST shadow-4.14.2.tar.xz.asc 833 BLAKE2B 9e085c79ccd3aa77489eb92e947dd4875dea84be2dbcbd2b8443e70b3dc065d288171ee024f81c6c3bf44d0ebfcabbb69937a906fdb26b6622d5a369aa415e8e SHA512 47a2607fa782a48b0333e353343a32f358115bb40225ea962fab86d4a8dbed1df976eb6231baf5b95f34a13139b99d6b719521626e5d3e9c80fc4c685767d9b7
DIST shadow-4.14.6.tar.xz 1805900 BLAKE2B e910131eab6527c1222afadf02ebd7bd6a3460baf95c23cc9eefa7aa21ddb70c02e58e4f58db2cb24fa8e2996c82b11664420545a8b1af573e4e6a25ceb3f921 SHA512 994a81afbafb19622a1d0f84527f96a84b0955c4ffa5e826682ead82af7940b8e3a091514bd2075622ebdf7638643c9c6b6b7ac3e48d985278db896249d70ae6
diff --git a/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch b/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch
deleted file mode 100644
index 49868ba67c96..000000000000
--- a/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
-From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
-Date: Thu, 23 Mar 2023 23:39:38 +0000
-Subject: [PATCH] Added control character check
-
-Added control character check, returning -1 (to "err") if control characters are present.
----
- lib/fields.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/lib/fields.c b/lib/fields.c
-index 640be931f..fb51b5829 100644
---- a/lib/fields.c
-+++ b/lib/fields.c
-@@ -21,9 +21,9 @@
- *
- * The supplied field is scanned for non-printable and other illegal
- * characters.
-- * + -1 is returned if an illegal character is present.
-- * + 1 is returned if no illegal characters are present, but the field
-- * contains a non-printable character.
-+ * + -1 is returned if an illegal or control character is present.
-+ * + 1 is returned if no illegal or control characters are present,
-+ * but the field contains a non-printable character.
- * + 0 is returned otherwise.
- */
- int valid_field (const char *field, const char *illegal)
-@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
- }
-
- if (0 == err) {
-- /* Search if there are some non-printable characters */
-+ /* Search if there are non-printable or control characters */
- for (cp = field; '\0' != *cp; cp++) {
- if (!isprint (*cp)) {
- err = 1;
-+ }
-+ if (!iscntrl (*cp)) {
-+ err = -1;
- break;
- }
- }
-From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Fri, 31 Mar 2023 14:46:50 +0200
-Subject: [PATCH] Overhaul valid_field()
-
-e5905c4b ("Added control character check") introduced checking for
-control characters but had the logic inverted, so it rejects all
-characters that are not control ones.
-
-Cast the character to `unsigned char` before passing to the character
-checking functions to avoid UB.
-
-Use strpbrk(3) for the illegal character test and return early.
----
- lib/fields.c | 24 ++++++++++--------------
- 1 file changed, 10 insertions(+), 14 deletions(-)
-
-diff --git a/lib/fields.c b/lib/fields.c
-index fb51b5829..539292485 100644
---- a/lib/fields.c
-+++ b/lib/fields.c
-@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
-
- /* For each character of field, search if it appears in the list
- * of illegal characters. */
-+ if (illegal && NULL != strpbrk (field, illegal)) {
-+ return -1;
-+ }
-+
-+ /* Search if there are non-printable or control characters */
- for (cp = field; '\0' != *cp; cp++) {
-- if (strchr (illegal, *cp) != NULL) {
-+ unsigned char c = *cp;
-+ if (!isprint (c)) {
-+ err = 1;
-+ }
-+ if (iscntrl (c)) {
- err = -1;
- break;
- }
- }
-
-- if (0 == err) {
-- /* Search if there are non-printable or control characters */
-- for (cp = field; '\0' != *cp; cp++) {
-- if (!isprint (*cp)) {
-- err = 1;
-- }
-- if (!iscntrl (*cp)) {
-- err = -1;
-- break;
-- }
-- }
-- }
--
- return err;
- }
-
diff --git a/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch b/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch
deleted file mode 100644
index 4e703db93a6c..000000000000
--- a/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef
-https://github.com/shadow-maint/shadow/pull/595
-
-From a281f241b592aec636d1b93a99e764499d68c7ef Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 21 Nov 2022 11:52:45 +0100
-Subject: [PATCH] Fix HAVE_SHADOWGRP configure check
-
-The missing #include <gshadow.h> causes the configure check to fail
-spuriously, resulting in HAVE_SHADOWGRP not being defined even
-on systems that actually have sgetsgent (such as current glibc).
---- a/configure.ac
-+++ b/configure.ac
-@@ -116,6 +116,10 @@ if test "$ac_cv_header_shadow_h" = "yes"; then
- ac_cv_libc_shadowgrp,
- AC_RUN_IFELSE([AC_LANG_SOURCE([
- #include <shadow.h>
-+ #ifdef HAVE_GSHADOW_H
-+ #include <gshadow.h>
-+ #endif
-+ int
- main()
- {
- struct sgrp *sg = sgetsgent("test:x::");
-
---- a/configure
-+++ b/configure
-@@ -15684,6 +15684,10 @@ else $as_nop
- /* end confdefs.h. */
-
- #include <shadow.h>
-+ #ifdef HAVE_GSHADOW_H
-+ #include <gshadow.h>
-+ #endif
-+ int
- main()
- {
- struct sgrp *sg = sgetsgent("test:x::");
diff --git a/sys-apps/shadow/files/shadow-4.13-password-leak.patch b/sys-apps/shadow/files/shadow-4.13-password-leak.patch
deleted file mode 100644
index 25b5ec39c5f8..000000000000
--- a/sys-apps/shadow/files/shadow-4.13-password-leak.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
-
-From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001
-From: Alejandro Colomar <alx@kernel.org>
-Date: Sat, 10 Jun 2023 16:20:05 +0200
-Subject: [PATCH] gpasswd(1): Fix password leak
-
-How to trigger this password leak?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When gpasswd(1) asks for the new password, it asks twice (as is usual
-for confirming the new password). Each of those 2 password prompts
-uses agetpass() to get the password. If the second agetpass() fails,
-the first password, which has been copied into the 'static' buffer
-'pass' via STRFCPY(), wasn't being zeroed.
-
-agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
-can fail for any of the following reasons:
-
-- malloc(3) or readpassphrase(3) failure.
-
- These are going to be difficult to trigger. Maybe getting the system
- to the limits of memory utilization at that exact point, so that the
- next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
- About readpassphrase(3), ENFILE and EINTR seem the only plausible
- ones, and EINTR probably requires privilege or being the same user;
- but I wouldn't discard ENFILE so easily, if a process starts opening
- files.
-
-- The password is longer than PASS_MAX.
-
- The is plausible with physical access. However, at that point, a
- keylogger will be a much simpler attack.
-
-And, the attacker must be able to know when the second password is being
-introduced, which is not going to be easy.
-
-How to read the password after the leak?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Provoking the leak yourself at the right point by entering a very long
-password is easy, and inspecting the process stack at that point should
-be doable. Try to find some consistent patterns.
-
-Then, search for those patterns in free memory, right after the victim
-leaks their password.
-
-Once you get the leak, a program should read all the free memory
-searching for patterns that gpasswd(1) leaves nearby the leaked
-password.
-
-On 6/10/23 03:14, Seth Arnold wrote:
-> An attacker process wouldn't be able to use malloc(3) for this task.
-> There's a handful of tools available for userspace to allocate memory:
->
-> - brk / sbrk
-> - mmap MAP_ANONYMOUS
-> - mmap /dev/zero
-> - mmap some other file
-> - shm_open
-> - shmget
->
-> Most of these return only pages of zeros to a process. Using mmap of an
-> existing file, you can get some of the contents of the file demand-loaded
-> into the memory space on the first use.
->
-> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
-> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare.
->
-> malloc(3) doesn't zero memory, to our collective frustration, but all the
-> garbage in the allocations is from previous allocations in the current
-> process. It isn't leftover from other processes.
->
-> The avenues available for reading the memory:
-> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
-> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
-> - ptrace (requires ptrace privileges, mediated by YAMA)
-> - causing memory to be swapped to disk, and then inspecting the swap
->
-> These all require a certain amount of privileges.
-
-How to fix it?
-~~~~~~~~~~~~~
-
-memzero(), which internally calls explicit_bzero(3), or whatever
-alternative the system provides with a slightly different name, will
-make sure that the buffer is zeroed in memory, and optimizations are not
-allowed to impede this zeroing.
-
-This is not really 100% effective, since compilers may place copies of
-the string somewhere hidden in the stack. Those copies won't get zeroed
-by explicit_bzero(3). However, that's arguably a compiler bug, since
-compilers should make everything possible to avoid optimizing strings
-that are later passed to explicit_bzero(3). But we all know that
-sometimes it's impossible to have perfect knowledge in the compiler, so
-this is plausible. Nevertheless, there's nothing we can do against such
-issues, except minimizing the time such passwords are stored in plain
-text.
-
-Security concerns
-~~~~~~~~~~~~~~~~
-
-We believe this isn't easy to exploit. Nevertheless, and since the fix
-is trivial, this fix should probably be applied soon, and backported to
-all supported distributions, to prevent someone else having more
-imagination than us to find a way.
-
-Affected versions
-~~~~~~~~~~~~~~~~
-
-All. Bug introduced in shadow 19990709. That's the second commit in
-the git history.
-
-Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
-Reported-by: Alejandro Colomar <alx@kernel.org>
-Cc: Serge Hallyn <serge@hallyn.com>
-Cc: Iker Pedrosa <ipedrosa@redhat.com>
-Cc: Seth Arnold <seth.arnold@canonical.com>
-Cc: Christian Brauner <christian@brauner.io>
-Cc: Balint Reczey <rbalint@debian.org>
-Cc: Sam James <sam@gentoo.org>
-Cc: David Runge <dvzrv@archlinux.org>
-Cc: Andreas Jaeger <aj@suse.de>
-Cc: <~hallyn/shadow@lists.sr.ht>
-Signed-off-by: Alejandro Colomar <alx@kernel.org>
---- a/src/gpasswd.c
-+++ b/src/gpasswd.c
-@@ -898,6 +898,7 @@ static void change_passwd (struct group *gr)
- erase_pass (cp);
- cp = agetpass (_("Re-enter new password: "));
- if (NULL == cp) {
-+ memzero (pass, sizeof pass);
- exit (1);
- }
-
diff --git a/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch b/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch
deleted file mode 100644
index 50cbe699d15e..000000000000
--- a/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://bugs.gentoo.org/903083
-https://github.com/shadow-maint/shadow/pull/691
-https://github.com/shadow-maint/shadow/commit/bd2d0079c90241f24671a7946a3ad175dc1a3aeb
-
-From fcb04de38a0ddc263288a1c450b35bfb1503d523 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sat, 25 Mar 2023 21:16:55 -0400
-Subject: [PATCH] usermod: respect --prefix for --gid option
-
-The --gid option accepts a group name or id. When a name is provided, it
-is resolved to an id by looking up the name in the group database
-(/etc/group).
-
-The --prefix option overides the location of the passwd and group
-databases. I suspect the --gid option was overlooked when wiring up the
---prefix option.
-
-useradd --gid already respects --prefix; this change makes usermod
-behave the same way.
-
-Fixes: b6b2c756c91806b1c3e150ea0ee4721c6cdaf9d0
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -1072,7 +1072,7 @@ static void process_flags (int argc, char **argv)
- fflg = true;
- break;
- case 'g':
-- grp = getgr_nam_gid (optarg);
-+ grp = prefix_getgr_nam_gid (optarg);
- if (NULL == grp) {
- fprintf (stderr,
- _("%s: group '%s' does not exist\n"),
diff --git a/sys-apps/shadow/shadow-4.13-r4.ebuild b/sys-apps/shadow/shadow-4.13-r4.ebuild
deleted file mode 100644
index b2cbba68a664..000000000000
--- a/sys-apps/shadow/shadow-4.13-r4.ebuild
+++ /dev/null
@@ -1,272 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Upstream sometimes pushes releases as pre-releases before marking them
-# official. Don't keyword the pre-releases!
-# Check https://github.com/shadow-maint/shadow/releases.
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sergehallyn.asc
-inherit libtool pam verify-sig
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz"
-SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )"
-
-LICENSE="BSD GPL-2"
-# Subslot is for libsubid's SONAME.
-SLOT="0/4"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-REQUIRED_USE="?? ( cracklib pam )"
-
-COMMON_DEPEND="
- virtual/libcrypt:=
- acl? ( sys-apps/acl:= )
- audit? ( >=sys-process/audit-2.6:= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:= )
- nls? ( virtual/libintl )
- pam? ( sys-libs/pam:= )
- skey? ( sys-auth/skey:= )
- selinux? (
- >=sys-libs/libselinux-1.28:=
- sys-libs/libsemanage:=
- )
- xattr? ( sys-apps/attr:= )
-"
-DEPEND="
- ${COMMON_DEPEND}
- >=sys-kernel/linux-headers-4.14
-"
-RDEPEND="
- ${COMMON_DEPEND}
- !<sys-apps/man-pages-5.11-r1
- !=sys-apps/man-pages-5.12-r0
- !=sys-apps/man-pages-5.12-r1
- nls? (
- !<app-i18n/man-pages-it-5.06-r1
- !<app-i18n/man-pages-ja-20180315-r1
- !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
- )
- pam? ( >=sys-auth/pambase-20150213 )
- su? ( !sys-apps/util-linux[su(-)] )
-"
-BDEPEND="
- app-arch/xz-utils
- sys-devel/gettext
- verify-sig? ( sec-keys/openpgp-keys-sergehallyn )
-"
-
-PATCHES=(
- "${FILESDIR}"/${P}-configure-clang16.patch
- "${FILESDIR}"/${P}-CVE-2023-29383.patch
- "${FILESDIR}"/${P}-usermod-prefix-gid.patch
- "${FILESDIR}"/${P}-password-leak.patch
-)
-
-src_prepare() {
- default
-
- elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --disable-account-tools-setuid
- --disable-static
- --with-btrfs
- --without-group-name-max-length
- --without-tcb
- $(use_enable nls)
- $(use_with acl)
- $(use_with audit)
- $(use_with bcrypt)
- $(use_with cracklib libcrack)
- $(use_with elibc_glibc nscd)
- $(use_with pam libpam)
- $(use_with selinux)
- $(use_with skey)
- $(use_with su)
- $(use_with xattr attr)
- )
-
- econf "${myeconfargs[@]}"
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=${1} val=${2}
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
- emake DESTDIR="${D}" -C man install
-
- find "${ED}" -name '*.la' -type f -delete || die
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- # We cannot simply remove this or else net-misc/scponly
- # and other tools will break because of hardcoded passwd
- # location
- dodir /bin
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chsh chfn ; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chpasswd newusers ; do
- newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
- done
-
- newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
-
- # Comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # Remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man -type f \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd} || die
- if use su ; then
- rm "${ED}"/etc/pam.d/su || die
- fi
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man -type f \
- '(' -name id.1 -o -name getspnam.3 ')' \
- -delete || die
-
- if ! use su ; then
- find "${ED}"/usr/share/man -type f -name su.1 -delete || die
- fi
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-
- if use elibc_musl; then
- QA_CONFIG_IMPL_DECL_SKIP+=( sgetsgent )
- fi
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Missing entries from /etc/passwd can cause odd system blips.
- # See bug #829872.
- if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then
- ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors."
- fi
-
- # Enable shadow groups.
- if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then
- if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then
- grpconv -R "${EROOT:-/}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- [[ ! -f "${EROOT}"/etc/subgid ]] &&
- touch "${EROOT}"/etc/subgid
- [[ ! -f "${EROOT}"/etc/subuid ]] &&
- touch "${EROOT}"/etc/subuid
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-05-28 1:59 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-24 12:43 [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/, sys-apps/shadow/files/ Lars Wendler
-- strict thread matches above, loose matches on Subject: below --
2024-05-28 1:59 Sam James
2022-11-22 20:16 Sam James
2022-04-17 17:06 Sam James
2021-11-14 9:26 Sam James
2021-08-04 16:00 Mike Gilbert
2017-03-13 12:38 Lars Wendler
2015-11-17 14:08 Patrice Clement
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox