From 482ae6ebc51c096b837c9d8f40c5c40a9d599e5f Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Mon, 16 Dec 2019 00:07:40 +0100 Subject: [PATCH] - updated to 4.8 --- pam-login-delay.patch | 28 +++++++-------- paths.patch | 28 +++++++++++++++ shadow-goodname.patch | 84 +++++++++++++++++++++---------------------- shadow-tld.patch | 63 ++++++++++++++++---------------- shadow.spec | 6 ++-- 5 files changed, 121 insertions(+), 88 deletions(-) create mode 100644 paths.patch diff --git a/pam-login-delay.patch b/pam-login-delay.patch index 550039c..153b30c 100644 --- a/pam-login-delay.patch +++ b/pam-login-delay.patch @@ -1,7 +1,7 @@ -diff -urpa shadow-4.6.orig/lib/getdef.c shadow-4.6/lib/getdef.c ---- shadow-4.6.orig/lib/getdef.c 2018-04-29 16:42:37.000000000 +0000 -+++ shadow-4.6/lib/getdef.c 2018-09-04 14:28:30.649949349 +0000 -@@ -86,7 +86,6 @@ static struct itemdef def_table[] = { +diff -urpa shadow-4.8.orig/lib/getdef.c shadow-4.8/lib/getdef.c +--- shadow-4.8.orig/lib/getdef.c 2019-12-01 18:02:43.000000000 +0100 ++++ shadow-4.8/lib/getdef.c 2019-12-15 23:52:32.683000000 +0100 +@@ -89,7 +89,6 @@ static struct itemdef def_table[] = { {"ENV_PATH", NULL}, {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, @@ -9,10 +9,10 @@ diff -urpa shadow-4.6.orig/lib/getdef.c shadow-4.6/lib/getdef.c {"FAKE_SHELL", NULL}, {"GID_MAX", NULL}, {"GID_MIN", NULL}, -diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c ---- shadow-4.6.orig/src/login.c 2018-04-29 16:42:37.000000000 +0000 -+++ shadow-4.6/src/login.c 2018-09-04 14:27:39.281949927 +0000 -@@ -525,7 +525,6 @@ int main (int argc, char **argv) +diff -urpa shadow-4.8.orig/src/login.c shadow-4.8/src/login.c +--- shadow-4.8.orig/src/login.c 2019-07-23 17:26:08.000000000 +0200 ++++ shadow-4.8/src/login.c 2019-12-15 23:52:32.684000000 +0100 +@@ -536,7 +536,6 @@ int main (int argc, char **argv) #if defined(HAVE_STRFTIME) && !defined(USE_PAM) char ptime[80]; #endif @@ -20,7 +20,7 @@ diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c unsigned int retries; bool subroot = false; #ifndef USE_PAM -@@ -546,6 +545,7 @@ int main (int argc, char **argv) +@@ -561,6 +560,7 @@ int main (int argc, char **argv) pid_t child; char *pam_user = NULL; #else @@ -28,7 +28,7 @@ diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c struct spwd *spwd = NULL; #endif /* -@@ -708,7 +708,6 @@ int main (int argc, char **argv) +@@ -723,7 +723,6 @@ int main (int argc, char **argv) } environ = newenvp; /* make new environment active */ @@ -36,7 +36,7 @@ diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c retries = getdef_unum ("LOGIN_RETRIES", RETRIES); #ifdef USE_PAM -@@ -724,8 +723,7 @@ int main (int argc, char **argv) +@@ -739,8 +738,7 @@ int main (int argc, char **argv) /* * hostname & tty are either set to NULL or their correct values, @@ -46,7 +46,7 @@ diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c * * PAM_RHOST and PAM_TTY are used for authentication, only use * information coming from login or from the caller (e.g. no utmp) -@@ -734,10 +732,6 @@ int main (int argc, char **argv) +@@ -749,10 +747,6 @@ int main (int argc, char **argv) PAM_FAIL_CHECK; retcode = pam_set_item (pamh, PAM_TTY, tty); PAM_FAIL_CHECK; @@ -57,7 +57,7 @@ diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c /* if fflg, then the user has already been authenticated */ if (!fflg) { unsigned int failcount = 0; -@@ -778,12 +772,6 @@ int main (int argc, char **argv) +@@ -793,12 +787,6 @@ int main (int argc, char **argv) bool failed = false; failcount++; @@ -70,7 +70,7 @@ diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c retcode = pam_authenticate (pamh, 0); -@@ -1073,14 +1061,17 @@ int main (int argc, char **argv) +@@ -1088,14 +1076,17 @@ int main (int argc, char **argv) free (username); username = NULL; diff --git a/paths.patch b/paths.patch new file mode 100644 index 0000000..014d353 --- /dev/null +++ b/paths.patch @@ -0,0 +1,28 @@ +diff -ur shadow-4.8.orig/src/Makefile.am shadow-4.8/src/Makefile.am +--- shadow-4.8.orig/src/Makefile.am 2019-12-01 17:52:32.000000000 +0100 ++++ shadow-4.8/src/Makefile.am 2019-12-16 00:05:04.509000000 +0100 +@@ -2,8 +2,8 @@ + EXTRA_DIST = \ + .indent.pro + +-ubindir = ${bindir} +-usbindir = ${sbindir} ++ubindir = ${prefix}/bin ++usbindir = ${prefix}/sbin + suidperms = 4755 + sgidperms = 2755 + +diff -ur shadow-4.8.orig/src/Makefile.in shadow-4.8/src/Makefile.in +--- shadow-4.8.orig/src/Makefile.in 2019-12-01 18:45:15.000000000 +0100 ++++ shadow-4.8/src/Makefile.in 2019-12-16 00:05:54.438000000 +0100 +@@ -555,8 +555,8 @@ + EXTRA_DIST = \ + .indent.pro + +-ubindir = ${bindir} +-usbindir = ${sbindir} ++ubindir = ${prefix}/bin ++usbindir = ${prefix}/sbin + suidperms = 4755 + sgidperms = 2755 + AM_CPPFLAGS = \ diff --git a/shadow-goodname.patch b/shadow-goodname.patch index 1fdd84f..b50ca6c 100644 --- a/shadow-goodname.patch +++ b/shadow-goodname.patch @@ -1,26 +1,26 @@ -diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c ---- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200 -+++ shadow-4.1.5.1/libmisc/chkname.c 2012-09-19 18:43:53.492160653 +0200 -@@ -49,20 +49,28 @@ - static bool is_valid_name (const char *name) - { +diff -urpa shadow-4.8.orig/libmisc/chkname.c shadow-4.8/libmisc/chkname.c +--- shadow-4.8.orig/libmisc/chkname.c 2019-10-05 03:23:58.000000000 +0200 ++++ shadow-4.8/libmisc/chkname.c 2019-12-15 23:50:06.137000000 +0100 +@@ -55,21 +55,28 @@ static bool is_valid_name (const char *n + } + /* - * User/group names must match [a-z_][a-z0-9_-]*[$] -- */ ++ * User/group names must match gnu e-regex: ++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? ++ * ++ * as a non-POSIX, extension, allow "$" as the last char for ++ * sake of Samba 3.x "add machine script" + */ +- - if (('\0' == *name) || - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { -+ * User/group names must match gnu e-regex: -+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? -+ * -+ * as a non-POSIX, extension, allow "$" as the last char for -+ * sake of Samba 3.x "add machine script" -+ */ + if ( ('\0' == *name) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') -+ )) { ++ !((*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') ++ )) { return false; } @@ -31,19 +31,19 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam - ('-' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) - )) { -+ if (!( (*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') || (*name == '-') || -+ (*name == '$' && *(name + 1) == '\0') -+ )) { ++ if (!( (*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') || (*name == '-') || ++ (*name == '$' && *(name + 1) == '\0') ++ )) { return false; } } -diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml ---- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200 -+++ shadow-4.1.5.1/man/groupadd.8.xml 2012-09-19 18:43:53.492160653 +0200 -@@ -259,12 +259,6 @@ +diff -urpa shadow-4.8.orig/man/groupadd.8.xml shadow-4.8/man/groupadd.8.xml +--- shadow-4.8.orig/man/groupadd.8.xml 2019-07-23 17:26:08.000000000 +0200 ++++ shadow-4.8/man/groupadd.8.xml 2019-12-15 23:41:44.562000000 +0100 +@@ -273,12 +273,6 @@ CAVEATS @@ -56,10 +56,10 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd. Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. -diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8 ---- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/groupadd.8 2012-09-19 18:44:42.175123079 +0200 -@@ -190,9 +190,7 @@ Shadow password suite configuration\&. +diff -urpa shadow-4.8.orig/man/man8/groupadd.8 shadow-4.8/man/man8/groupadd.8 +--- shadow-4.8.orig/man/man8/groupadd.8 2019-12-01 18:45:34.000000000 +0100 ++++ shadow-4.8/man/man8/groupadd.8 2019-12-15 23:41:44.563000000 +0100 +@@ -197,9 +197,7 @@ Shadow password suite configuration\&. .RE .SH "CAVEATS" .PP @@ -70,19 +70,19 @@ diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/gro .PP You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. .PP -diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8 ---- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/useradd.8 2012-09-19 18:46:09.249033949 +0200 -@@ -224,7 +224,7 @@ is not enabled, no home directories are +diff -urpa shadow-4.8.orig/man/man8/useradd.8 shadow-4.8/man/man8/useradd.8 +--- shadow-4.8.orig/man/man8/useradd.8 2019-12-01 18:45:38.000000000 +0100 ++++ shadow-4.8/man/man8/useradd.8 2019-12-15 23:41:44.563000000 +0100 +@@ -226,7 +226,7 @@ is not enabled, no home directories are .PP - \fB\-M\fR + \fB\-M\fR, \fB\-\-no\-create\-home\fR .RS 4 -Do no create the user\*(Aqs home directory, even if the system wide setting from +Do not create the user\*(Aqs home directory, even if the system wide setting from /etc/login\&.defs (\fBCREATE_HOME\fR) is set to \fIyes\fR\&. -@@ -430,8 +430,6 @@ Similarly, if the username already exist +@@ -440,8 +440,6 @@ Similarly, if the username already exist \fBuseradd\fR will deny the user account creation request\&. .PP @@ -91,9 +91,9 @@ diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/user Usernames may only be up to 32 characters long\&. .SH "CONFIGURATION" .PP -diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml ---- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200 -+++ shadow-4.1.5.1/man/useradd.8.xml 2012-09-19 18:43:53.493160675 +0200 +diff -urpa shadow-4.8.orig/man/useradd.8.xml shadow-4.8/man/useradd.8.xml +--- shadow-4.8.orig/man/useradd.8.xml 2019-10-05 03:23:58.000000000 +0200 ++++ shadow-4.8/man/useradd.8.xml 2019-12-15 23:41:44.563000000 +0100 @@ -366,7 +366,7 @@ @@ -103,7 +103,7 @@ diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8. wide setting from /etc/login.defs () is set to yes. -@@ -654,12 +654,6 @@ +@@ -661,12 +661,6 @@ diff --git a/shadow-tld.patch b/shadow-tld.patch index 69836c2..4fe5112 100644 --- a/shadow-tld.patch +++ b/shadow-tld.patch @@ -1,6 +1,35 @@ ---- shadow-4.0.6/src/useradd.c 2004-11-18 21:45:00.713398344 +0100 -+++ shadow-4.0.16/src/useradd.c 2006-06-08 01:17:05.580340031 +0300 -@@ -72,10 +72,10 @@ +diff -urpa shadow-4.8.orig/libmisc/find_new_gid.c shadow-4.8/libmisc/find_new_gid.c +--- shadow-4.8.orig/libmisc/find_new_gid.c 2019-10-13 04:52:08.000000000 +0200 ++++ shadow-4.8/libmisc/find_new_gid.c 2019-12-15 23:40:29.745000000 +0100 +@@ -61,8 +61,8 @@ static int get_ranges (bool sys_group, g + /* A requested ID is allowed to be below the autoselect range */ + *preferred_min = (gid_t) 1; + +- /* Get the minimum ID range from login.defs or default to 101 */ +- *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL); ++ /* Get the minimum ID range from login.defs or default to 10 */ ++ *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL); + + /* + * If SYS_GID_MAX is unspecified, we should assume it to be one +diff -urpa shadow-4.8.orig/libmisc/find_new_uid.c shadow-4.8/libmisc/find_new_uid.c +--- shadow-4.8.orig/libmisc/find_new_uid.c 2019-10-13 04:52:08.000000000 +0200 ++++ shadow-4.8/libmisc/find_new_uid.c 2019-12-15 23:40:29.746000000 +0100 +@@ -61,8 +61,8 @@ static int get_ranges (bool sys_user, ui + /* A requested ID is allowed to be below the autoselect range */ + *preferred_min = (uid_t) 1; + +- /* Get the minimum ID range from login.defs or default to 101 */ +- *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL); ++ /* Get the minimum ID range from login.defs or default to 1 */ ++ *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL); + + /* + * If SYS_UID_MAX is unspecified, we should assume it to be one +diff -urpa shadow-4.8.orig/src/useradd.c shadow-4.8/src/useradd.c +--- shadow-4.8.orig/src/useradd.c 2019-12-01 17:52:32.000000000 +0100 ++++ shadow-4.8/src/useradd.c 2019-12-15 23:40:29.745000000 +0100 +@@ -96,10 +96,10 @@ const char *Prog; /* * These defaults are used if there is no defaults file. */ @@ -14,7 +43,7 @@ static const char *def_template = SKEL_DIR; static const char *def_create_mail_spool = "no"; -@@ -89,7 +89,7 @@ +@@ -109,7 +109,7 @@ static const char *def_expire = ""; #define VALID(s) (strcspn (s, ":\n") == strlen (s)) static const char *user_name = ""; @@ -23,29 +52,3 @@ static uid_t user_id; static gid_t user_gid; static const char *user_comment = ""; ---- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200 -+++ shadow-4.5/libmisc/find_new_gid.c 2017-05-17 23:13:32.785253060 +0300 -@@ -61,8 +61,8 @@ - /* A requested ID is allowed to be below the autoselect range */ - *preferred_min = (gid_t) 1; - -- /* Get the minimum ID range from login.defs or default to 101 */ -- *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL); -+ /* Get the minimum ID range from login.defs or default to 10 */ -+ *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL); - - /* - * If SYS_GID_MAX is unspecified, we should assume it to be one ---- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200 -+++ shadow-4.5/libmisc/find_new_uid.c 2017-05-17 23:10:38.366687971 +0300 -@@ -61,8 +61,8 @@ - /* A requested ID is allowed to be below the autoselect range */ - *preferred_min = (uid_t) 1; - -- /* Get the minimum ID range from login.defs or default to 101 */ -- *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL); -+ /* Get the minimum ID range from login.defs or default to 1 */ -+ *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL); - - /* - * If SYS_UID_MAX is unspecified, we should assume it to be one diff --git a/shadow.spec b/shadow.spec index 2a167bc..8031d8c 100644 --- a/shadow.spec +++ b/shadow.spec @@ -10,13 +10,13 @@ Summary(pl.UTF-8): Narzędzia do obsługi mechanizmu ukrytych haseł Summary(pt_BR.UTF-8): Utilitários para o arquivo de senhas Shadow Summary(tr.UTF-8): Gölge parola dosyası araçları Name: shadow -Version: 4.7 +Version: 4.8 Release: 1 Epoch: 1 License: BSD Group: Applications/System Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/%{name}-%{version}.tar.xz -# Source0-md5: f7ce18c8dfd05f1a009266cb604d58b7 +# Source0-md5: 723ebb19b06e2f52d9ed7f0653483851 Source2: %{name}-login.defs Source3: %{name}.useradd Source10: chage.pamd @@ -37,6 +37,7 @@ Patch0: %{name}-tld.patch # allow names with upper case letters or containing dot in the middle Patch1: %{name}-goodname.patch Patch2: pam-login-delay.patch +Patch3: paths.patch URL: https://github.com/shadow-maint/shadow BuildRequires: acl-devel BuildRequires: attr-devel @@ -123,6 +124,7 @@ utilitários e senhas shadow em geral. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build # NOTE: -- 2.44.0