Compare commits
173 Commits
shadow-uti
...
rawhide
Author | SHA1 | Date |
---|---|---|
Iker Pedrosa | 97547bc00a | |
Fedora Release Engineering | 71c99ba5b1 | |
Iker Pedrosa | 5ba2bc90cc | |
Iker Pedrosa | a986f4a036 | |
Iker Pedrosa | 2b851f7e96 | |
Fedora Release Engineering | bfa562aaf2 | |
Iker Pedrosa | 77cc4a7c14 | |
Iker Pedrosa | 957f0eb09e | |
Iker Pedrosa | a2d5d3dbda | |
Iker Pedrosa | 4a03ec740c | |
Iker Pedrosa | 11164c2c0a | |
Iker Pedrosa | 981bd7a093 | |
Iker Pedrosa | fbc8eba072 | |
Iker Pedrosa | 3a32832856 | |
Iker Pedrosa | 94f04f9e71 | |
Fedora Release Engineering | 58090e11f1 | |
Björn Esser | 0d2b677f8f | |
Iker Pedrosa | fbe143d1bd | |
Björn Esser | 08a62b5fa3 | |
Björn Esser | 90349359e4 | |
Björn Esser | a4f9def9dd | |
Björn Esser | a6d57fc8a3 | |
Iker Pedrosa | 2b6f713524 | |
Björn Esser | bace2f8c6b | |
Björn Esser | 1b6e097b0e | |
Björn Esser | 2615b08c31 | |
Björn Esser | c0e594d3c5 | |
Iker Pedrosa | c5fd8d4a0a | |
Björn Esser | e967948ce8 | |
Björn Esser | 0946f2a3b0 | |
Björn Esser | cb2f54a2c1 | |
Iker Pedrosa | cbc60528c3 | |
Iker Pedrosa | 1ec5088225 | |
Iker Pedrosa | 5292920d9b | |
Iker Pedrosa | 3e39e1d4e3 | |
Fedora Release Engineering | 4e14ecca65 | |
Tom Stellard | cc27294138 | |
Robert Scheck | 7abff5646c | |
ipedrosa | 4f395dd42d | |
Petr Lautrbach | b7aa9ac8ec | |
Ludwig Nussel | 9f643a3011 | |
Fedora Release Engineering | a222f7e825 | |
ipedrosa | 59585bb370 | |
ikerexxe | a66f10a891 | |
ikerexxe | b926b118d9 | |
ikerexxe | 7309a53c2a | |
ikerexxe | f5a51331fe | |
Fedora Release Engineering | c44360b6f9 | |
Tomas Mraz | a1cd6a4b05 | |
Tomas Mraz | fd2aa2917b | |
Tomas Mraz | 88156a4067 | |
Tomas Mraz | b76250c68a | |
Tomas Mraz | 36709cd2d7 | |
Petr Lautrbach | 3e9ca2fc33 | |
Fedora Release Engineering | 6065752fdc | |
Tomas Mraz | e17e2fa767 | |
Tomas Mraz | c2e806d82c | |
Tomas Mraz | c5ff8b2cd3 | |
Tomas Mraz | 713a388dfc | |
Tomas Mraz | 75c680d318 | |
Tim Landscheidt | 875723a30b | |
Tomas Mraz | 39afa9e9fb | |
Fedora Release Engineering | 6f7a2acd68 | |
Tomas Mraz | 1181911534 | |
Igor Gnatenko | a5c5d1f162 | |
Igor Gnatenko | aa9270652f | |
Björn Esser | 2fcf41cf88 | |
Tomas Mraz | 7eb46d2996 | |
Tomas Mraz | 6283287fd2 | |
Tomas Mraz | b9927e87e2 | |
Tomas Mraz | b41cff1956 | |
Tomas Mraz | 1a1e7474b6 | |
Tomas Mraz | f38d60a562 | |
Tomas Mraz | d80def3861 | |
Fedora Release Engineering | 8362f15341 | |
Jason Tibbitts | 0aa8060034 | |
Tomas Mraz | 38a12ac864 | |
Tomas Mraz | 4cb5077b68 | |
Tomas Mraz | 8d62f944dd | |
Igor Gnatenko | eb66bf0ca5 | |
Björn Esser | 41955fa9ab | |
Björn Esser | 2d4f6e1972 | |
esakaiev | a6650f241c | |
Tomas Mraz | 95d0ea6880 | |
Tomas Mraz | 8633999acf | |
Tomas Mraz | 9659143d38 | |
Tomas Mraz | b90f1c3912 | |
Tomas Mraz | 2c7fd6de84 | |
Fedora Release Engineering | 46349c33e5 | |
Fedora Release Engineering | 3a17ec0f47 | |
Tomas Mraz | ec99eade4e | |
Fedora Release Engineering | ba9340caf5 | |
Tomas Mraz | bb62fd7837 | |
Tomas Mraz | 457acab6b4 | |
Tomas Mraz | 86cbf7e19d | |
Tomas Mraz | 6c18d5356b | |
Tomas Mraz | f8ab516d30 | |
Tomas Mraz | c50e17082d | |
Tomas Mraz | abed79ee4e | |
Tomas Mraz | f884cd4c94 | |
Tomas Mraz | a359c84a6e | |
Tomas Mraz | 1bf254df98 | |
Tomas Mraz | b1dccbc445 | |
Tomas Mraz | 05ccc5cb0b | |
Tomas Mraz | 904910f545 | |
Tomas Mraz | 4e08f5dd0a | |
Tomas Mraz | c2f1a1c502 | |
Tomas Mraz | 25899fefb0 | |
Dennis Gilmore | 283bf24723 | |
Tomas Mraz | 8b4e03b994 | |
Tomas Mraz | 04260e2340 | |
Tomas Mraz | e77fc2805e | |
Tomas Mraz | e1ce821d45 | |
Tomas Mraz | af13db915f | |
Tomas Mraz | d29b2a8def | |
Tomas Mraz | 4c1ef1cd21 | |
Peter Robinson | 183c869703 | |
Tom Callaway | 972907741d | |
Tom Callaway | 9120a44c3f | |
Tom Callaway | 5ac7a63576 | |
Tom Callaway | 1e95b5b479 | |
Tomas Mraz | fd2973e24f | |
Tomas Mraz | 6a7e42e7e9 | |
Tomas Mraz | efff9fe79f | |
Tomas Mraz | dad42cc2f5 | |
Dennis Gilmore | c509d20844 | |
Tomas Mraz | a8136ba211 | |
Tomas Mraz | 8d1ef4078b | |
Tomas Mraz | 317fc748b3 | |
Tomas Mraz | 462b4b2f45 | |
Tomas Mraz | a451dc3d55 | |
Tomas Mraz | 047af921d9 | |
Tomas Mraz | 4eaf9cda61 | |
Tomas Mraz | 32f6a78157 | |
Tomas Mraz | a253a4a28b | |
Tomas Mraz | 0bdf7eb7a5 | |
Tomas Mraz | 257f1c1652 | |
Tomas Mraz | c85c93b88e | |
Tomas Mraz | 778c4c228d | |
Tomas Mraz | 6a8565830d | |
Tomas Mraz | 44a40b2f4e | |
Peter Vrabec | cae35b95ab | |
Dennis Gilmore | 3481ee2a8f | |
Peter Vrabec | 8cd7b2fcb7 | |
Peter Vrabec | 8994f4c05c | |
Peter Vrabec | 4c8c528414 | |
Peter Vrabec | c2e7e463a1 | |
Dennis Gilmore | f660173551 | |
Peter Vrabec | 5f231e7c37 | |
Peter Vrabec | 20341fa201 | |
Peter Vrabec | 22f8cbe3bf | |
Peter Vrabec | 4897d3d6b7 | |
Peter Vrabec | 3a49560688 | |
Peter Vrabec | 8e39d10d31 | |
Peter Vrabec | d410224971 | |
Peter Vrabec | 8c0da063a2 | |
Peter Vrabec | 46dd21926b | |
Peter Vrabec | f7bb2ec63f | |
Peter Vrabec | 4d00d71784 | |
Peter Vrabec | 6e8f608032 | |
Peter Vrabec | 5d7612da5b | |
Peter Vrabec | e997448056 | |
Peter Vrabec | ca4ecc57a6 | |
Peter Vrabec | b76f93c25b | |
Peter Vrabec | 8d9482059f | |
Fedora Release Engineering | 11d8bcbcab | |
Peter Vrabec | 30f3024f75 | |
Peter Vrabec | 59e397ee42 | |
Peter Vrabec | 6631e0269c | |
Peter Vrabec | 4f86795e64 | |
Peter Vrabec | d787a9d254 | |
Peter Vrabec | 0ffcb199d6 | |
Peter Vrabec | e772ed6ecf |
|
@ -1 +0,0 @@
|
|||
shadow-4.1.4.2.tar.bz2
|
|
@ -0,0 +1,20 @@
|
|||
shadow-4.1.4.2.tar.bz2
|
||||
/shadow-4.1.4.3.tar.bz2
|
||||
/shadow-4.1.5.tar.bz2
|
||||
/shadow-4.1.5.1.tar.bz2
|
||||
/shadow-4.1.5.1.tar.bz2.sig
|
||||
/shadow-4.2.1.tar.xz
|
||||
/shadow-4.2.1.tar.xz.sig
|
||||
/shadow-4.3.1.tar.gz
|
||||
/shadow-4.5.tar.xz
|
||||
/shadow-4.5.tar.xz.asc
|
||||
/shadow-4.6.tar.xz
|
||||
/shadow-4.6.tar.xz.asc
|
||||
/shadow-4.8.tar.xz
|
||||
/shadow-4.8.tar.xz.asc
|
||||
/shadow-4.8.1.tar.xz
|
||||
/shadow-4.8.1.tar.xz.asc
|
||||
/shadow-4.9.tar.xz
|
||||
/shadow-4.9.tar.xz.asc
|
||||
/shadow-4.11.1.tar.xz
|
||||
/shadow-4.11.1.tar.xz.asc
|
21
Makefile
21
Makefile
|
@ -1,21 +0,0 @@
|
|||
# Makefile for source rpm: shadow-utils
|
||||
# $Id: Makefile,v 1.4 2007/10/15 19:22:59 notting Exp $
|
||||
NAME := shadow-utils
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attempt a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
|
@ -0,0 +1,339 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Lesser General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License.
|
|
@ -1,68 +0,0 @@
|
|||
diff -up shadow-4.1.4.1/libmisc/chkname.c.goodname shadow-4.1.4.1/libmisc/chkname.c
|
||||
--- shadow-4.1.4.1/libmisc/chkname.c.goodname 2009-04-28 21:14:04.000000000 +0200
|
||||
+++ shadow-4.1.4.1/libmisc/chkname.c 2009-06-16 13:47:08.000000000 +0200
|
||||
@@ -49,20 +49,28 @@
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
/*
|
||||
- * User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
- */
|
||||
- if (('\0' == *name) ||
|
||||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
||||
+ * User/group names must match gnu e-regex:
|
||||
+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
|
||||
+ *
|
||||
+ * as a non-POSIX, extension, allow "$" as the last char for
|
||||
+ * sake of Samba 3.x "add machine script"
|
||||
+ */
|
||||
+ if ( ('\0' == *name) ||
|
||||
+ !((*name >= 'a' && *name <= 'z') ||
|
||||
+ (*name >= 'A' && *name <= 'Z') ||
|
||||
+ (*name >= '0' && *name <= '9') ||
|
||||
+ (*name == '_') || (*name == '.')
|
||||
+ )) {
|
||||
return false;
|
||||
}
|
||||
|
||||
while ('\0' != *++name) {
|
||||
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
|
||||
- ( ('0' <= *name) && ('9' >= *name) ) ||
|
||||
- ('_' == *name) ||
|
||||
- ('-' == *name) ||
|
||||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
|
||||
- )) {
|
||||
+ if (!( (*name >= 'a' && *name <= 'z') ||
|
||||
+ (*name >= 'A' && *name <= 'Z') ||
|
||||
+ (*name >= '0' && *name <= '9') ||
|
||||
+ (*name == '_') || (*name == '.') || (*name == '-') ||
|
||||
+ (*name == '$' && *(name + 1) == '\0')
|
||||
+ )) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
diff -up shadow-4.1.4.1/man/groupadd.8.goodname shadow-4.1.4.1/man/groupadd.8
|
||||
--- shadow-4.1.4.1/man/groupadd.8.goodname 2009-05-22 15:56:08.000000000 +0200
|
||||
+++ shadow-4.1.4.1/man/groupadd.8 2009-06-16 13:50:41.000000000 +0200
|
||||
@@ -153,9 +153,7 @@ Shadow password suite configuration\&.
|
||||
.RE
|
||||
.SH "CAVEATS"
|
||||
.PP
|
||||
-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
||||
-.PP
|
||||
-Groupnames may only be up to 16 characters long\&.
|
||||
+Groupnames may only be up to 32 characters long\&.
|
||||
.PP
|
||||
You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
|
||||
.PP
|
||||
diff -up shadow-4.1.4.1/man/useradd.8.goodname shadow-4.1.4.1/man/useradd.8
|
||||
--- shadow-4.1.4.1/man/useradd.8.goodname 2009-05-22 15:56:28.000000000 +0200
|
||||
+++ shadow-4.1.4.1/man/useradd.8 2009-06-16 13:51:17.000000000 +0200
|
||||
@@ -405,8 +405,6 @@ Similarly, if the username already exist
|
||||
\fBuseradd\fR
|
||||
will deny the user account creation request\&.
|
||||
.PP
|
||||
-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
||||
-.PP
|
||||
Usernames may only be up to 32 characters long\&.
|
||||
.SH "CONFIGURATION"
|
||||
.PP
|
|
@ -1,65 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/lib/commonio.c.fixes shadow-4.1.4.2/lib/commonio.c
|
||||
--- shadow-4.1.4.2/lib/commonio.c.fixes 2009-09-07 15:51:28.312139467 +0200
|
||||
+++ shadow-4.1.4.2/lib/commonio.c 2009-09-07 15:52:00.788140456 +0200
|
||||
@@ -710,7 +710,7 @@ commonio_sort (struct commonio_db *db, i
|
||||
db->tail->prev = entries[n - 1];
|
||||
db->tail->next = NULL;
|
||||
|
||||
- for (i = 1; i < n; i++) {
|
||||
+ for (i = 1; i < (n-1); i++) {
|
||||
entries[i]->prev = entries[i - 1];
|
||||
entries[i]->next = entries[i + 1];
|
||||
}
|
||||
diff -up shadow-4.1.4.2/libmisc/cleanup.c.fixes shadow-4.1.4.2/libmisc/cleanup.c
|
||||
--- shadow-4.1.4.2/libmisc/cleanup.c.fixes 2009-09-07 15:52:22.449035388 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/cleanup.c 2009-09-07 15:55:06.632033653 +0200
|
||||
@@ -107,7 +107,7 @@ void del_cleanup (cleanup_function pcf)
|
||||
assert (i<CLEANUP_FUNCTIONS);
|
||||
|
||||
/* Move the rest of the cleanup functions */
|
||||
- for (; i<CLEANUP_FUNCTIONS; i++) {
|
||||
+ for (; i<(CLEANUP_FUNCTIONS - 1); i++) {
|
||||
/* Make sure the cleanup function was specified only once */
|
||||
assert (cleanup_functions[i+1] != pcf);
|
||||
|
||||
diff -up shadow-4.1.4.2/libmisc/limits.c.fixes shadow-4.1.4.2/libmisc/limits.c
|
||||
--- shadow-4.1.4.2/libmisc/limits.c.fixes 2009-09-07 15:55:38.734034494 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/limits.c 2009-09-07 15:56:10.545044166 +0200
|
||||
@@ -167,7 +167,7 @@ static int check_logins (const char *nam
|
||||
* includes the user who is currently trying to log in.
|
||||
*/
|
||||
if (count > limit) {
|
||||
- SYSLOG ((LOG_WARN, "Too many logins (max %d) for %s\n",
|
||||
+ SYSLOG ((LOG_WARN, "Too many logins (max %lu) for %s\n",
|
||||
limit, name));
|
||||
return LOGIN_ERROR_LOGIN;
|
||||
}
|
||||
diff -up shadow-4.1.4.2/libmisc/utmp.c.fixes shadow-4.1.4.2/libmisc/utmp.c
|
||||
--- shadow-4.1.4.2/libmisc/utmp.c.fixes 2009-09-07 15:56:30.534033865 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/utmp.c 2009-09-07 16:11:23.049069289 +0200
|
||||
@@ -56,7 +56,7 @@ static bool is_my_tty (const char *tty)
|
||||
/* full_tty shall be at least sizeof utmp.ut_line + 5 */
|
||||
char full_tty[200];
|
||||
/* tmptty shall be bigger than full_tty */
|
||||
- static char tmptty[sizeof (full_tty)+1];
|
||||
+ static char tmptty[sizeof (full_tty)+1] = "";
|
||||
|
||||
if ('/' != *tty) {
|
||||
(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
|
||||
@@ -71,7 +71,7 @@ static bool is_my_tty (const char *tty)
|
||||
}
|
||||
}
|
||||
|
||||
- if (NULL == tmptty) {
|
||||
+ if ('\0' == tmptty[0]) {
|
||||
(void) puts (_("Unable to determine your tty name."));
|
||||
exit (EXIT_FAILURE);
|
||||
} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
|
||||
@@ -200,7 +200,6 @@ static void updwtmpx (const char *filena
|
||||
strcpy (hostname, host);
|
||||
#ifdef HAVE_STRUCT_UTMP_UT_HOST
|
||||
} else if ( (NULL != ut)
|
||||
- && (NULL != ut->ut_host)
|
||||
&& ('\0' != ut->ut_host[0])) {
|
||||
hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1);
|
||||
strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
|
|
@ -1,108 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/lib/groupmem.c.leak shadow-4.1.4.2/lib/groupmem.c
|
||||
--- shadow-4.1.4.2/lib/groupmem.c.leak 2009-04-23 19:43:27.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/groupmem.c 2009-09-07 15:43:23.314129427 +0200
|
||||
@@ -51,10 +51,13 @@
|
||||
*gr = *grent;
|
||||
gr->gr_name = strdup (grent->gr_name);
|
||||
if (NULL == gr->gr_name) {
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
gr->gr_passwd = strdup (grent->gr_passwd);
|
||||
if (NULL == gr->gr_passwd) {
|
||||
+ free(gr->gr_name);
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -62,11 +65,21 @@
|
||||
|
||||
gr->gr_mem = (char **) malloc ((i + 1) * sizeof (char *));
|
||||
if (NULL == gr->gr_mem) {
|
||||
+ free(gr->gr_passwd);
|
||||
+ free(gr->gr_name);
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
for (i = 0; grent->gr_mem[i]; i++) {
|
||||
gr->gr_mem[i] = strdup (grent->gr_mem[i]);
|
||||
if (NULL == gr->gr_mem[i]) {
|
||||
+ int j;
|
||||
+ for (j=0; j<i; j++)
|
||||
+ free(gr->gr_mem[j]);
|
||||
+ free(gr->gr_mem);
|
||||
+ free(gr->gr_passwd);
|
||||
+ free(gr->gr_name);
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
diff -up shadow-4.1.4.2/libmisc/copydir.c.leak shadow-4.1.4.2/libmisc/copydir.c
|
||||
--- shadow-4.1.4.2/libmisc/copydir.c.leak 2009-05-22 12:16:14.000000000 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/copydir.c 2009-09-07 15:41:49.217192095 +0200
|
||||
@@ -443,6 +443,7 @@ static char *readlink_malloc (const char
|
||||
nchars = readlink (filename, buffer, size);
|
||||
|
||||
if (nchars < 0) {
|
||||
+ free(buffer);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -up shadow-4.1.4.2/lib/pwmem.c.leak shadow-4.1.4.2/lib/pwmem.c
|
||||
--- shadow-4.1.4.2/lib/pwmem.c.leak 2009-04-23 19:43:27.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/pwmem.c 2009-09-07 15:41:49.218203063 +0200
|
||||
@@ -51,22 +51,37 @@
|
||||
*pw = *pwent;
|
||||
pw->pw_name = strdup (pwent->pw_name);
|
||||
if (NULL == pw->pw_name) {
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_passwd = strdup (pwent->pw_passwd);
|
||||
if (NULL == pw->pw_passwd) {
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_gecos = strdup (pwent->pw_gecos);
|
||||
if (NULL == pw->pw_gecos) {
|
||||
+ free(pw->pw_passwd);
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_dir = strdup (pwent->pw_dir);
|
||||
if (NULL == pw->pw_dir) {
|
||||
+ free(pw->pw_gecos);
|
||||
+ free(pw->pw_passwd);
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_shell = strdup (pwent->pw_shell);
|
||||
if (NULL == pw->pw_shell) {
|
||||
+ free(pw->pw_dir);
|
||||
+ free(pw->pw_gecos);
|
||||
+ free(pw->pw_passwd);
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -up shadow-4.1.4.2/lib/shadowmem.c.leak shadow-4.1.4.2/lib/shadowmem.c
|
||||
--- shadow-4.1.4.2/lib/shadowmem.c.leak 2009-04-23 19:43:27.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/shadowmem.c 2009-09-07 15:41:49.218203063 +0200
|
||||
@@ -52,10 +52,13 @@
|
||||
*sp = *spent;
|
||||
sp->sp_namp = strdup (spent->sp_namp);
|
||||
if (NULL == sp->sp_namp) {
|
||||
+ free(sp);
|
||||
return NULL;
|
||||
}
|
||||
sp->sp_pwdp = strdup (spent->sp_pwdp);
|
||||
if (NULL == sp->sp_pwdp) {
|
||||
+ free(sp->sp_namp);
|
||||
+ free(sp);
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.redhat shadow-4.1.4.2/libmisc/find_new_gid.c
|
||||
--- shadow-4.1.4.2/libmisc/find_new_gid.c.redhat 2009-07-18 01:53:42.000000000 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/find_new_gid.c 2009-09-07 16:34:26.640814090 +0200
|
||||
@@ -58,11 +58,11 @@ int find_new_gid (bool sys_group,
|
||||
assert (gid != NULL);
|
||||
|
||||
if (!sys_group) {
|
||||
- gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
|
||||
+ gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
|
||||
} else {
|
||||
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||
- gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
|
||||
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
|
||||
+ gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
|
||||
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||
}
|
||||
used_gids = alloca (sizeof (bool) * (gid_max +1));
|
||||
diff -up shadow-4.1.4.2/libmisc/find_new_uid.c.redhat shadow-4.1.4.2/libmisc/find_new_uid.c
|
||||
--- shadow-4.1.4.2/libmisc/find_new_uid.c.redhat 2009-07-18 01:53:43.000000000 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/find_new_uid.c 2009-09-07 16:34:19.695877000 +0200
|
||||
@@ -58,11 +58,11 @@ int find_new_uid (bool sys_user,
|
||||
assert (uid != NULL);
|
||||
|
||||
if (!sys_user) {
|
||||
- uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
|
||||
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
} else {
|
||||
- uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
|
||||
- uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
|
||||
+ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 201UL);
|
||||
+ uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
|
||||
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
|
||||
}
|
||||
used_uids = alloca (sizeof (bool) * (uid_max +1));
|
||||
diff -up shadow-4.1.4.2/src/useradd.c.redhat shadow-4.1.4.2/src/useradd.c
|
||||
--- shadow-4.1.4.2/src/useradd.c.redhat 2009-06-06 00:16:58.000000000 +0200
|
||||
+++ shadow-4.1.4.2/src/useradd.c 2009-09-07 16:34:01.402878101 +0200
|
||||
@@ -90,7 +90,7 @@ char *Prog;
|
||||
static gid_t def_group = 100;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
-static const char *def_shell = "";
|
||||
+static const char *def_shell = "/sbin/nologin";
|
||||
static const char *def_template = SKEL_DIR;
|
||||
static const char *def_create_mail_spool = "no";
|
||||
|
||||
@@ -102,7 +102,7 @@ static char def_file[] = USER_DEFAULTS_F
|
||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||
|
||||
static const char *user_name = "";
|
||||
-static const char *user_pass = "!";
|
||||
+static const char *user_pass = "!!";
|
||||
static uid_t user_id;
|
||||
static gid_t user_gid;
|
||||
static const char *user_comment = "";
|
||||
@@ -989,9 +989,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
|
||||
#else
|
||||
- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
|
||||
+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
|
||||
#endif
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1141,6 +1141,7 @@ static void process_flags (int argc, cha
|
||||
case 'M':
|
||||
Mflg = true;
|
||||
break;
|
||||
+ case 'n':
|
||||
case 'N':
|
||||
Nflg = true;
|
||||
break;
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,22 @@
|
|||
diff -up shadow-4.11.1/src/chage.c.null-tm shadow-4.11.1/src/chage.c
|
||||
diff -up shadow-4.11.1/src/lastlog.c.null-tm shadow-4.11.1/src/lastlog.c
|
||||
--- shadow-4.11.1/src/lastlog.c.null-tm 2022-01-03 15:31:56.348555620 +0100
|
||||
+++ shadow-4.11.1/src/lastlog.c 2022-01-03 15:38:41.262229024 +0100
|
||||
@@ -151,9 +151,12 @@ static void print_one (/*@null@*/const s
|
||||
|
||||
ll_time = ll.ll_time;
|
||||
tm = localtime (&ll_time);
|
||||
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
- cp = ptime;
|
||||
-
|
||||
+ if (tm == NULL) {
|
||||
+ cp = "(unknown)";
|
||||
+ } else {
|
||||
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
+ cp = ptime;
|
||||
+ }
|
||||
if (ll.ll_time == (time_t) 0) {
|
||||
cp = _("**Never logged in**\0");
|
||||
}
|
||||
diff -up shadow-4.11.1/src/passwd.c.null-tm shadow-4.11.1/src/passwd.c
|
||||
diff -up shadow-4.11.1/src/usermod.c.null-tm shadow-4.11.1/src/usermod.c
|
|
@ -0,0 +1,41 @@
|
|||
diff -up shadow-4.11.1/src/useradd.c.redhat shadow-4.11.1/src/useradd.c
|
||||
--- shadow-4.11.1/src/useradd.c.redhat 2022-01-03 01:46:53.000000000 +0100
|
||||
+++ shadow-4.11.1/src/useradd.c 2022-01-03 14:53:12.988484829 +0100
|
||||
@@ -82,7 +82,7 @@ const char *Prog;
|
||||
static gid_t def_group = 1000;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
-static const char *def_shell = "/bin/bash";
|
||||
+static const char *def_shell = "/sbin/nologin";
|
||||
static const char *def_template = SKEL_DIR;
|
||||
static const char *def_create_mail_spool = "yes";
|
||||
static const char *def_log_init = "yes";
|
||||
@@ -93,7 +93,7 @@ static const char *def_expire = "";
|
||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||
|
||||
static const char *user_name = "";
|
||||
-static const char *user_pass = "!";
|
||||
+static const char *user_pass = "!!";
|
||||
static uid_t user_id;
|
||||
static gid_t user_gid;
|
||||
static const char *user_comment = "";
|
||||
@@ -1219,9 +1219,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
|
||||
#else /* !WITH_SELINUX */
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
|
||||
#endif /* !WITH_SELINUX */
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1378,6 +1378,7 @@ static void process_flags (int argc, cha
|
||||
case 'M':
|
||||
Mflg = true;
|
||||
break;
|
||||
+ case 'n':
|
||||
case 'N':
|
||||
Nflg = true;
|
||||
break;
|
|
@ -0,0 +1,40 @@
|
|||
From f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92 Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Tue, 4 Jan 2022 13:06:00 +0100
|
||||
Subject: [PATCH] useradd: modify check ID range for system users
|
||||
|
||||
useradd warns that a system user ID less than SYS_UID_MIN is outside the
|
||||
expected range, even though that ID has been specifically selected with
|
||||
the "-u" option.
|
||||
|
||||
In my opinion all the user ID's below SYS_UID_MAX are for the system,
|
||||
thus I change the condition to take that into account.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004911
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
src/useradd.c | 6 ++----
|
||||
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index 34376fa5..4c71c38a 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -2409,11 +2409,9 @@ static void check_uid_range(int rflg, uid_t user_id)
|
||||
uid_t uid_min ;
|
||||
uid_t uid_max ;
|
||||
if (rflg) {
|
||||
- uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL);
|
||||
uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
|
||||
- if (uid_min <= uid_max) {
|
||||
- if (user_id < uid_min || user_id >uid_max)
|
||||
- fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
||||
+ if (user_id > uid_max) {
|
||||
+ fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
|
||||
}
|
||||
}else{
|
||||
uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
|
||||
--
|
||||
2.37.1
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
Index: shadow-4.5/libmisc/getdate.y
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/libmisc/getdate.y
|
||||
+++ shadow-4.5/libmisc/getdate.y
|
||||
@@ -152,6 +152,7 @@ static int yyHaveDay;
|
||||
static int yyHaveRel;
|
||||
static int yyHaveTime;
|
||||
static int yyHaveZone;
|
||||
+static int yyHaveYear;
|
||||
static int yyTimezone;
|
||||
static int yyDay;
|
||||
static int yyHour;
|
||||
@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
|
||||
yyDay = $3;
|
||||
yyYear = $5;
|
||||
}
|
||||
+ yyHaveYear++;
|
||||
}
|
||||
| tUNUMBER tSNUMBER tSNUMBER {
|
||||
/* ISO 8601 format. yyyy-mm-dd. */
|
||||
yyYear = $1;
|
||||
yyMonth = -$2;
|
||||
yyDay = -$3;
|
||||
+ yyHaveYear++;
|
||||
}
|
||||
| tUNUMBER tMONTH tSNUMBER {
|
||||
/* e.g. 17-JUN-1992. */
|
||||
yyDay = $1;
|
||||
yyMonth = $2;
|
||||
yyYear = -$3;
|
||||
+ yyHaveYear++;
|
||||
}
|
||||
| tMONTH tUNUMBER {
|
||||
yyMonth = $1;
|
||||
@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
|
||||
yyMonth = $1;
|
||||
yyDay = $2;
|
||||
yyYear = $4;
|
||||
+ yyHaveYear++;
|
||||
}
|
||||
| tUNUMBER tMONTH {
|
||||
yyMonth = $2;
|
||||
@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
|
||||
yyMonth = $2;
|
||||
yyDay = $1;
|
||||
yyYear = $3;
|
||||
+ yyHaveYear++;
|
||||
}
|
||||
;
|
||||
|
||||
@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
|
||||
|
||||
number : tUNUMBER
|
||||
{
|
||||
- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
|
||||
+ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
|
||||
+ && (yyHaveDate != 0) && (yyHaveRel == 0))
|
||||
yyYear = $1;
|
||||
else
|
||||
{
|
||||
@@ -802,7 +809,7 @@ yylex (void)
|
||||
return LookupWord (buff);
|
||||
}
|
||||
if (c != '(')
|
||||
- return *yyInput++;
|
||||
+ return (unsigned char)*yyInput++;
|
||||
Count = 0;
|
||||
do
|
||||
{
|
|
@ -0,0 +1,64 @@
|
|||
Index: shadow-4.5/src/usermod.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/usermod.c
|
||||
+++ shadow-4.5/src/usermod.c
|
||||
@@ -455,14 +455,17 @@ static char *new_pw_passwd (char *pw_pas
|
||||
strcat (buf, pw_pass);
|
||||
pw_pass = buf;
|
||||
} else if (Uflg && pw_pass[0] == '!') {
|
||||
- char *s;
|
||||
+ char *s = pw_pass;
|
||||
|
||||
- if (pw_pass[1] == '\0') {
|
||||
+ while ('!' == *s)
|
||||
+ ++s;
|
||||
+
|
||||
+ if (*s == '\0') {
|
||||
fprintf (stderr,
|
||||
_("%s: unlocking the user's password would result in a passwordless account.\n"
|
||||
"You should set a password with usermod -p to unlock this user's password.\n"),
|
||||
Prog);
|
||||
- return pw_pass;
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
#ifdef WITH_AUDIT
|
||||
@@ -471,12 +474,15 @@ static char *new_pw_passwd (char *pw_pas
|
||||
user_newname, (unsigned int) user_newid, 1);
|
||||
#endif
|
||||
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
|
||||
- s = pw_pass;
|
||||
- while ('\0' != *s) {
|
||||
- *s = *(s + 1);
|
||||
- s++;
|
||||
- }
|
||||
+ memmove (pw_pass, s, strlen (s) + 1);
|
||||
} else if (pflg) {
|
||||
+ if (strchr (user_pass, ':') != NULL) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: The password field cannot contain a colon character.\n"),
|
||||
+ Prog);
|
||||
+ return NULL;
|
||||
+
|
||||
+ }
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"updating-password",
|
||||
@@ -525,6 +531,8 @@ static void new_pwent (struct passwd *pw
|
||||
if ( (!is_shadow_pwd)
|
||||
|| (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
|
||||
pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
|
||||
+ if (pwent->pw_passwd == NULL)
|
||||
+ fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
|
||||
if (uflg) {
|
||||
@@ -639,6 +647,8 @@ static void new_spent (struct spwd *spen
|
||||
* + aging has been requested
|
||||
*/
|
||||
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
|
||||
+ if (spent->sp_pwdp == NULL)
|
||||
+ fail_exit(E_PW_UPDATE);
|
||||
|
||||
if (pflg) {
|
||||
spent->sp_lstchg = (long) gettime () / SCALE;
|
|
@ -0,0 +1,15 @@
|
|||
diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
|
||||
--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
|
||||
+++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
|
||||
@@ -1845,6 +1845,11 @@ static void move_home (void)
|
||||
Prog, prefix_user_home, prefix_user_newhome);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: The previous home directory (%s) does "
|
||||
+ "not exist or is inaccessible. Move cannot be completed.\n"),
|
||||
+ Prog, prefix_user_home);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
diff -up shadow-4.6/libmisc/find_new_gid.c.min-limit shadow-4.6/libmisc/find_new_gid.c
|
||||
--- shadow-4.6/libmisc/find_new_gid.c.min-limit 2018-04-29 18:42:37.000000001 +0200
|
||||
+++ shadow-4.6/libmisc/find_new_gid.c 2018-11-06 10:51:20.554963292 +0100
|
||||
@@ -82,6 +82,13 @@ static int get_ranges (bool sys_group, g
|
||||
(unsigned long) *max_id);
|
||||
return EINVAL;
|
||||
}
|
||||
+ /*
|
||||
+ * Zero is reserved for root and the allocation algorithm does not
|
||||
+ * work right with it.
|
||||
+ */
|
||||
+ if (*min_id == 0) {
|
||||
+ *min_id = (gid_t) 1;
|
||||
+ }
|
||||
} else {
|
||||
/* Non-system groups */
|
||||
|
||||
diff -up shadow-4.6/libmisc/find_new_uid.c.min-limit shadow-4.6/libmisc/find_new_uid.c
|
||||
--- shadow-4.6/libmisc/find_new_uid.c.min-limit 2018-04-29 18:42:37.000000001 +0200
|
||||
+++ shadow-4.6/libmisc/find_new_uid.c 2018-11-06 10:51:39.341399569 +0100
|
||||
@@ -82,6 +82,13 @@ static int get_ranges (bool sys_user, ui
|
||||
(unsigned long) *max_id);
|
||||
return EINVAL;
|
||||
}
|
||||
+ /*
|
||||
+ * Zero is reserved for root and the allocation algorithm does not
|
||||
+ * work right with it.
|
||||
+ */
|
||||
+ if (*min_id == 0) {
|
||||
+ *min_id = (uid_t) 1;
|
||||
+ }
|
||||
} else {
|
||||
/* Non-system users */
|
||||
|
|
@ -0,0 +1,100 @@
|
|||
diff -up shadow-4.8/libmisc/chkname.c.goodname shadow-4.8/libmisc/chkname.c
|
||||
--- shadow-4.8/libmisc/chkname.c.goodname 2020-01-13 09:44:41.968507996 +0100
|
||||
+++ shadow-4.8/libmisc/chkname.c 2020-01-13 09:46:27.863727732 +0100
|
||||
@@ -55,26 +55,44 @@ static bool is_valid_name (const char *n
|
||||
}
|
||||
|
||||
/*
|
||||
- * User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
- */
|
||||
+ * User/group names must match gnu e-regex:
|
||||
+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
|
||||
+ *
|
||||
+ * as a non-POSIX, extension, allow "$" as the last char for
|
||||
+ * sake of Samba 3.x "add machine script"
|
||||
+ *
|
||||
+ * Also do not allow fully numeric names or just "." or "..".
|
||||
+ */
|
||||
+ int numeric;
|
||||
|
||||
- if (('\0' == *name) ||
|
||||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
||||
+ if ('\0' == *name ||
|
||||
+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
|
||||
+ '\0' == name[1])) ||
|
||||
+ !((*name >= 'a' && *name <= 'z') ||
|
||||
+ (*name >= 'A' && *name <= 'Z') ||
|
||||
+ (*name >= '0' && *name <= '9') ||
|
||||
+ *name == '_' ||
|
||||
+ *name == '.')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
+ numeric = isdigit(*name);
|
||||
+
|
||||
while ('\0' != *++name) {
|
||||
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
|
||||
- ( ('0' <= *name) && ('9' >= *name) ) ||
|
||||
- ('_' == *name) ||
|
||||
- ('-' == *name) ||
|
||||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
|
||||
+ if (!((*name >= 'a' && *name <= 'z') ||
|
||||
+ (*name >= 'A' && *name <= 'Z') ||
|
||||
+ (*name >= '0' && *name <= '9') ||
|
||||
+ *name == '_' ||
|
||||
+ *name == '.' ||
|
||||
+ *name == '-' ||
|
||||
+ (*name == '$' && name[1] == '\0')
|
||||
)) {
|
||||
return false;
|
||||
}
|
||||
+ numeric &= isdigit(*name);
|
||||
}
|
||||
|
||||
- return true;
|
||||
+ return !numeric;
|
||||
}
|
||||
|
||||
bool is_valid_user_name (const char *name)
|
||||
diff -up shadow-4.8/man/groupadd.8.xml.goodname shadow-4.8/man/groupadd.8.xml
|
||||
--- shadow-4.8/man/groupadd.8.xml.goodname 2019-07-23 17:26:08.000000000 +0200
|
||||
+++ shadow-4.8/man/groupadd.8.xml 2020-01-13 09:44:41.968507996 +0100
|
||||
@@ -273,10 +273,12 @@
|
||||
<refsect1 id='caveats'>
|
||||
<title>CAVEATS</title>
|
||||
<para>
|
||||
- Groupnames must start with a lower case letter or an underscore,
|
||||
- followed by lower case letters, digits, underscores, or dashes.
|
||||
- They can end with a dollar sign.
|
||||
- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
+ Groupnames may contain only lower and upper case letters, digits,
|
||||
+ underscores, or dashes. They can end with a dollar sign.
|
||||
+
|
||||
+ Dashes are not allowed at the beginning of the groupname.
|
||||
+ Fully numeric groupnames and groupnames . or .. are
|
||||
+ also disallowed.
|
||||
</para>
|
||||
<para>
|
||||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
||||
diff -up shadow-4.8/man/useradd.8.xml.goodname shadow-4.8/man/useradd.8.xml
|
||||
--- shadow-4.8/man/useradd.8.xml.goodname 2019-10-05 03:23:58.000000000 +0200
|
||||
+++ shadow-4.8/man/useradd.8.xml 2020-01-13 09:44:41.968507996 +0100
|
||||
@@ -661,10 +661,14 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
- Usernames must start with a lower case letter or an underscore,
|
||||
- followed by lower case letters, digits, underscores, or dashes.
|
||||
- They can end with a dollar sign.
|
||||
- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
+ Usernames may contain only lower and upper case letters, digits,
|
||||
+ underscores, or dashes. They can end with a dollar sign.
|
||||
+
|
||||
+ Dashes are not allowed at the beginning of the username.
|
||||
+ Fully numeric usernames and usernames . or .. are
|
||||
+ also disallowed. It is not recommended to use usernames beginning
|
||||
+ with . character as their home directories will be hidden in
|
||||
+ the <command>ls</command> output.
|
||||
</para>
|
||||
<para>
|
||||
Usernames may only be up to 32 characters long.
|
|
@ -0,0 +1,11 @@
|
|||
diff -up shadow-4.8/lib/getdef.c.login-prompt shadow-4.8/lib/getdef.c
|
||||
--- shadow-4.8/lib/getdef.c.login-prompt 2020-01-13 10:38:44.852796681 +0100
|
||||
+++ shadow-4.8/lib/getdef.c 2020-01-13 10:39:54.472612511 +0100
|
||||
@@ -98,6 +98,7 @@ static struct itemdef def_table[] = {
|
||||
{"LASTLOG_UID_MAX", NULL},
|
||||
{"LOGIN_RETRIES", NULL},
|
||||
{"LOGIN_TIMEOUT", NULL},
|
||||
+ {"LOGIN_PLAIN_PROMPT", NULL},
|
||||
{"LOG_OK_LOGINS", NULL},
|
||||
{"LOG_UNKFAIL_ENAB", NULL},
|
||||
{"MAIL_DIR", NULL},
|
|
@ -0,0 +1,86 @@
|
|||
diff -up shadow-4.8/lib/defines.h.long-entry shadow-4.8/lib/defines.h
|
||||
--- shadow-4.8/lib/defines.h.long-entry 2020-01-13 10:29:45.288957339 +0100
|
||||
+++ shadow-4.8/lib/defines.h 2020-01-13 10:30:47.482902954 +0100
|
||||
@@ -388,6 +388,9 @@ extern char *strerror ();
|
||||
# endif
|
||||
#endif
|
||||
|
||||
+/* Maximum length of passwd entry */
|
||||
+#define PASSWD_ENTRY_MAX_LENGTH 32768
|
||||
+
|
||||
#ifdef HAVE_SECURE_GETENV
|
||||
# define shadow_getenv(name) secure_getenv(name)
|
||||
# else
|
||||
diff -up shadow-4.8/lib/pwio.c.long-entry shadow-4.8/lib/pwio.c
|
||||
--- shadow-4.8/lib/pwio.c.long-entry 2019-07-23 17:26:08.000000000 +0200
|
||||
+++ shadow-4.8/lib/pwio.c 2020-01-13 10:29:45.288957339 +0100
|
||||
@@ -79,7 +79,10 @@ static int passwd_put (const void *ent,
|
||||
|| (pw->pw_gid == (gid_t)-1)
|
||||
|| (valid_field (pw->pw_gecos, ":\n") == -1)
|
||||
|| (valid_field (pw->pw_dir, ":\n") == -1)
|
||||
- || (valid_field (pw->pw_shell, ":\n") == -1)) {
|
||||
+ || (valid_field (pw->pw_shell, ":\n") == -1)
|
||||
+ || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
|
||||
+ strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
|
||||
+ strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff -up shadow-4.8/lib/sgetpwent.c.long-entry shadow-4.8/lib/sgetpwent.c
|
||||
--- shadow-4.8/lib/sgetpwent.c.long-entry 2019-10-05 03:23:58.000000000 +0200
|
||||
+++ shadow-4.8/lib/sgetpwent.c 2020-01-13 10:29:45.288957339 +0100
|
||||
@@ -57,7 +57,7 @@
|
||||
struct passwd *sgetpwent (const char *buf)
|
||||
{
|
||||
static struct passwd pwent;
|
||||
- static char pwdbuf[1024];
|
||||
+ static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
|
||||
register int i;
|
||||
register char *cp;
|
||||
char *fields[NFIELDS];
|
||||
@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *bu
|
||||
* the password structure remain valid.
|
||||
*/
|
||||
|
||||
- if (strlen (buf) >= sizeof pwdbuf)
|
||||
+ if (strlen (buf) >= sizeof pwdbuf) {
|
||||
+ fprintf (stderr, "Too long passwd entry encountered, file corruption?\n");
|
||||
return 0; /* fail if too long */
|
||||
+ }
|
||||
strcpy (pwdbuf, buf);
|
||||
|
||||
/*
|
||||
diff -up shadow-4.8/lib/sgetspent.c.long-entry shadow-4.8/lib/sgetspent.c
|
||||
--- shadow-4.8/lib/sgetspent.c.long-entry 2019-07-23 17:26:08.000000000 +0200
|
||||
+++ shadow-4.8/lib/sgetspent.c 2020-01-13 10:29:45.289957322 +0100
|
||||
@@ -48,7 +48,7 @@
|
||||
*/
|
||||
struct spwd *sgetspent (const char *string)
|
||||
{
|
||||
- static char spwbuf[1024];
|
||||
+ static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
|
||||
static struct spwd spwd;
|
||||
char *fields[FIELDS];
|
||||
char *cp;
|
||||
@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *stri
|
||||
*/
|
||||
|
||||
if (strlen (string) >= sizeof spwbuf) {
|
||||
+ fprintf (stderr, "Too long shadow entry encountered, file corruption?\n");
|
||||
return 0; /* fail if too long */
|
||||
}
|
||||
strcpy (spwbuf, string);
|
||||
diff -up shadow-4.8/lib/shadowio.c.long-entry shadow-4.8/lib/shadowio.c
|
||||
--- shadow-4.8/lib/shadowio.c.long-entry 2019-07-23 17:26:08.000000000 +0200
|
||||
+++ shadow-4.8/lib/shadowio.c 2020-01-13 10:29:45.289957322 +0100
|
||||
@@ -79,7 +79,9 @@ static int shadow_put (const void *ent,
|
||||
|
||||
if ( (NULL == sp)
|
||||
|| (valid_field (sp->sp_namp, ":\n") == -1)
|
||||
- || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
|
||||
+ || (valid_field (sp->sp_pwdp, ":\n") == -1)
|
||||
+ || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
|
||||
+ 1000 > PASSWD_ENTRY_MAX_LENGTH)) {
|
||||
return -1;
|
||||
}
|
||||
|
|
@ -0,0 +1,240 @@
|
|||
diff -up shadow-4.8/src/chgpasswd.c.selinux-perms shadow-4.8/src/chgpasswd.c
|
||||
--- shadow-4.8/src/chgpasswd.c.selinux-perms 2019-12-01 18:02:43.000000000 +0100
|
||||
+++ shadow-4.8/src/chgpasswd.c 2020-01-13 10:21:44.558107260 +0100
|
||||
@@ -39,6 +39,13 @@
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/avc.h>
|
||||
+#endif
|
||||
+#ifdef WITH_LIBAUDIT
|
||||
+#include <libaudit.h>
|
||||
+#endif
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
#include "pam_defs.h"
|
||||
@@ -80,6 +87,9 @@ static bool sgr_locked = false;
|
||||
#endif
|
||||
static bool gr_locked = false;
|
||||
|
||||
+/* The name of the caller */
|
||||
+static char *myname = NULL;
|
||||
+
|
||||
/* local function prototypes */
|
||||
static void fail_exit (int code);
|
||||
static /*@noreturn@*/void usage (int status);
|
||||
@@ -334,6 +344,63 @@ static void check_perms (void)
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+static int
|
||||
+log_callback (int type, const char *fmt, ...)
|
||||
+{
|
||||
+ int audit_fd;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_fd = audit_open();
|
||||
+
|
||||
+ if (audit_fd >= 0) {
|
||||
+ char *buf;
|
||||
+
|
||||
+ if (vasprintf (&buf, fmt, ap) < 0)
|
||||
+ goto ret;
|
||||
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
||||
+ NULL, 0);
|
||||
+ audit_close(audit_fd);
|
||||
+ free(buf);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
|
||||
+ret:
|
||||
+ va_end(ap);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+selinux_check_root (void)
|
||||
+{
|
||||
+ int status = -1;
|
||||
+ security_context_t user_context;
|
||||
+ union selinux_callback old_callback;
|
||||
+
|
||||
+ if (is_selinux_enabled() < 1)
|
||||
+ return;
|
||||
+
|
||||
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
|
||||
+ /* setup callbacks */
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
|
||||
+ if ((status = getprevcon(&user_context)) < 0) {
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
|
||||
+
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ freecon(user_context);
|
||||
+ if (status != 0 && security_getenforce() != 0)
|
||||
+ exit(1);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* open_files - lock and open the group databases
|
||||
*/
|
||||
@@ -427,6 +494,7 @@ int main (int argc, char **argv)
|
||||
|
||||
const struct group *gr;
|
||||
struct group newgr;
|
||||
+ struct passwd *pw = NULL;
|
||||
int errors = 0;
|
||||
int line = 0;
|
||||
|
||||
@@ -436,12 +504,37 @@ int main (int argc, char **argv)
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ selinux_check_root ();
|
||||
+#endif
|
||||
+
|
||||
process_root_flag ("-R", argc, argv);
|
||||
|
||||
process_flags (argc, argv);
|
||||
|
||||
OPENLOG ("chgpasswd");
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_help_open ();
|
||||
+#endif
|
||||
+
|
||||
+ /*
|
||||
+ * Determine the name of the user that invoked this command. This
|
||||
+ * is really hit or miss because there are so many ways that command
|
||||
+ * can be executed and so many ways to trip up the routines that
|
||||
+ * report the user name.
|
||||
+ */
|
||||
+ pw = get_my_pwent ();
|
||||
+ if (NULL == pw) {
|
||||
+ fprintf (stderr, _("%s: Cannot determine your user name.\n"),
|
||||
+ Prog);
|
||||
+ SYSLOG ((LOG_WARN,
|
||||
+ "Cannot determine the user name of the caller (UID %lu)",
|
||||
+ (unsigned long) getuid ()));
|
||||
+ exit (E_NOPERM);
|
||||
+ }
|
||||
+ myname = xstrdup (pw->pw_name);
|
||||
+
|
||||
check_perms ();
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
diff -up shadow-4.8/src/chpasswd.c.selinux-perms shadow-4.8/src/chpasswd.c
|
||||
--- shadow-4.8/src/chpasswd.c.selinux-perms 2019-12-01 18:02:43.000000000 +0100
|
||||
+++ shadow-4.8/src/chpasswd.c 2020-01-13 10:21:44.558107260 +0100
|
||||
@@ -39,6 +39,13 @@
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/avc.h>
|
||||
+#endif
|
||||
+#ifdef WITH_LIBAUDIT
|
||||
+#include <libaudit.h>
|
||||
+#endif
|
||||
#ifdef USE_PAM
|
||||
#include "pam_defs.h"
|
||||
#endif /* USE_PAM */
|
||||
@@ -332,6 +339,63 @@ static void check_perms (void)
|
||||
#endif /* USE_PAM */
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+static int
|
||||
+log_callback (int type, const char *fmt, ...)
|
||||
+{
|
||||
+ int audit_fd;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_fd = audit_open();
|
||||
+
|
||||
+ if (audit_fd >= 0) {
|
||||
+ char *buf;
|
||||
+
|
||||
+ if (vasprintf (&buf, fmt, ap) < 0)
|
||||
+ goto ret;
|
||||
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
||||
+ NULL, 0);
|
||||
+ audit_close(audit_fd);
|
||||
+ free(buf);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
|
||||
+ret:
|
||||
+ va_end(ap);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+selinux_check_root (void)
|
||||
+{
|
||||
+ int status = -1;
|
||||
+ security_context_t user_context;
|
||||
+ union selinux_callback old_callback;
|
||||
+
|
||||
+ if (is_selinux_enabled() < 1)
|
||||
+ return;
|
||||
+
|
||||
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
|
||||
+ /* setup callbacks */
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
|
||||
+ if ((status = getprevcon(&user_context)) < 0) {
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
|
||||
+
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ freecon(user_context);
|
||||
+ if (status != 0 && security_getenforce() != 0)
|
||||
+ exit(1);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* open_files - lock and open the password databases
|
||||
*/
|
||||
@@ -428,6 +492,10 @@ int main (int argc, char **argv)
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ selinux_check_root ();
|
||||
+#endif
|
||||
+
|
||||
process_root_flag ("-R", argc, argv);
|
||||
|
||||
process_flags (argc, argv);
|
||||
@@ -440,6 +508,10 @@ int main (int argc, char **argv)
|
||||
|
||||
OPENLOG ("chpasswd");
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_help_open ();
|
||||
+#endif
|
||||
+
|
||||
check_perms ();
|
||||
|
||||
#ifdef USE_PAM
|
|
@ -0,0 +1,35 @@
|
|||
diff -up shadow-4.9/lib/semanage.c.default-range shadow-4.9/lib/semanage.c
|
||||
--- shadow-4.9/lib/semanage.c.default-range 2021-07-22 23:55:35.000000000 +0200
|
||||
+++ shadow-4.9/lib/semanage.c 2021-08-02 12:43:16.822817392 +0200
|
||||
@@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#if 0
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
@@ -150,6 +151,7 @@ static int semanage_user_mod (semanage_h
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
+#endif
|
||||
|
||||
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
|
||||
if (ret != 0) {
|
||||
@@ -200,6 +202,7 @@ static int semanage_user_add (semanage_h
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#if 0
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
@@ -208,6 +211,7 @@ static int semanage_user_add (semanage_h
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
+#endif
|
||||
|
||||
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
|
||||
if (ret != 0) {
|
|
@ -0,0 +1,180 @@
|
|||
diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
|
||||
--- shadow-4.8.1/man/groupmems.8.xml.manfix 2020-03-17 15:34:48.750414984 +0100
|
||||
+++ shadow-4.8.1/man/groupmems.8.xml 2020-03-17 15:41:13.383588722 +0100
|
||||
@@ -179,20 +179,10 @@
|
||||
<refsect1 id='setup'>
|
||||
<title>SETUP</title>
|
||||
<para>
|
||||
- The <command>groupmems</command> executable should be in mode
|
||||
- <literal>2710</literal> as user <emphasis>root</emphasis> and in group
|
||||
- <emphasis>groups</emphasis>. The system administrator can add users to
|
||||
- group <emphasis>groups</emphasis> to allow or disallow them using the
|
||||
- <command>groupmems</command> utility to manage their own group
|
||||
- membership list.
|
||||
+ In this operating system the <command>groupmems</command> executable
|
||||
+ is not setuid and regular users cannot use it to manipulate
|
||||
+ the membership of their own group.
|
||||
</para>
|
||||
-
|
||||
- <programlisting>
|
||||
- $ groupadd -r groups
|
||||
- $ chmod 2710 groupmems
|
||||
- $ chown root.groups groupmems
|
||||
- $ groupmems -g groups -a gk4
|
||||
- </programlisting>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 id='configuration'>
|
||||
diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
|
||||
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
|
||||
+++ shadow-4.8.1/man/ja/man5/login.defs.5 2020-03-17 15:34:48.750414984 +0100
|
||||
@@ -147,10 +147,6 @@ 以下の参照表は、
|
||||
shadow パスワード機能のどのプログラムが
|
||||
どのパラメータを使用するかを示したものである。
|
||||
.na
|
||||
-.IP chfn 12
|
||||
-CHFN_AUTH CHFN_RESTRICT
|
||||
-.IP chsh 12
|
||||
-CHFN_AUTH
|
||||
.IP groupadd 12
|
||||
GID_MAX GID_MIN
|
||||
.IP newusers 12
|
||||
diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
|
||||
--- shadow-4.8.1/man/login.defs.5.xml.manfix 2020-01-17 16:47:56.000000000 +0100
|
||||
+++ shadow-4.8.1/man/login.defs.5.xml 2020-03-17 15:34:48.750414984 +0100
|
||||
@@ -164,6 +164,17 @@
|
||||
long numeric parameters is machine-dependent.
|
||||
</para>
|
||||
|
||||
+ <para>
|
||||
+ Please note that the parameters in this configuration file control the
|
||||
+ behavior of the tools from the shadow-utils component. None of these
|
||||
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
||||
+ passwd command) should be configured elsewhere. The only values that
|
||||
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
|
||||
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
|
||||
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
|
||||
+ pam(8) for more information.
|
||||
+ </para>
|
||||
+
|
||||
<para>The following configuration items are provided:</para>
|
||||
|
||||
<variablelist remap='IP'>
|
||||
@@ -256,16 +267,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
- <term>chfn</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- <phrase condition="no_pam">CHFN_AUTH</phrase>
|
||||
- CHFN_RESTRICT
|
||||
- <phrase condition="no_pam">LOGIN_STRING</phrase>
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
- <varlistentry>
|
||||
<term>chgpasswd</term>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -286,14 +287,6 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
- <varlistentry condition="no_pam">
|
||||
- <term>chsh</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- CHSH_AUTH LOGIN_STRING
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
|
||||
<!-- faillog: no variables -->
|
||||
<varlistentry>
|
||||
@@ -359,34 +352,6 @@
|
||||
<para>LASTLOG_UID_MAX</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
- <varlistentry>
|
||||
- <term>login</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- <phrase condition="no_pam">CONSOLE</phrase>
|
||||
- CONSOLE_GROUPS DEFAULT_HOME
|
||||
- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
|
||||
- ENV_TZ ENVIRON_FILE</phrase>
|
||||
- ERASECHAR FAIL_DELAY
|
||||
- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
|
||||
- FAKE_SHELL
|
||||
- <phrase condition="no_pam">FTMP_FILE</phrase>
|
||||
- HUSHLOGIN_FILE
|
||||
- <phrase condition="no_pam">ISSUE_FILE</phrase>
|
||||
- KILLCHAR
|
||||
- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
|
||||
- LOGIN_RETRIES
|
||||
- <phrase condition="no_pam">LOGIN_STRING</phrase>
|
||||
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
|
||||
- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
|
||||
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
|
||||
- QUOTAS_ENAB</phrase>
|
||||
- TTYGROUP TTYPERM TTYTYPE_FILE
|
||||
- <phrase condition="no_pam">ULIMIT UMASK</phrase>
|
||||
- USERGROUPS_ENAB
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
<!-- logoutd: no variables -->
|
||||
<varlistentry>
|
||||
<term>newgrp / sg</term>
|
||||
@@ -415,17 +380,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<!-- nologin: no variables -->
|
||||
- <varlistentry condition="no_pam">
|
||||
- <term>passwd</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
|
||||
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
|
||||
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
|
||||
- SHA_CRYPT_MIN_ROUNDS</phrase>
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
<varlistentry>
|
||||
<term>pwck</term>
|
||||
<listitem>
|
||||
@@ -452,32 +406,6 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
- <varlistentry>
|
||||
- <term>su</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- <phrase condition="no_pam">CONSOLE</phrase>
|
||||
- CONSOLE_GROUPS DEFAULT_HOME
|
||||
- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
|
||||
- ENV_PATH ENV_SUPATH
|
||||
- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
|
||||
- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
|
||||
- SULOG_FILE SU_NAME
|
||||
- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
|
||||
- SYSLOG_SU_ENAB
|
||||
- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
- <varlistentry>
|
||||
- <term>sulogin</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- ENV_HZ
|
||||
- <phrase condition="no_pam">ENV_TZ</phrase>
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
<varlistentry>
|
||||
<term>useradd</term>
|
||||
<listitem>
|
|
@ -0,0 +1,48 @@
|
|||
From e101219ad71de11da3fdd1b3ec2620fd1a97b92c Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Mon, 10 Jan 2022 15:30:28 +0100
|
||||
Subject: [PATCH] nss: get shadow_logfd with log_get_logfd()
|
||||
|
||||
If /etc/nsswitch.conf doesn't exist podman crashes because shadow_logfd
|
||||
is NULL. In order to avoid that load the log file descriptor with the
|
||||
log_get_logfd() helper function.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2038811
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
lib/nss.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/nss.c b/lib/nss.c
|
||||
index 02742902..06fa48e5 100644
|
||||
--- a/lib/nss.c
|
||||
+++ b/lib/nss.c
|
||||
@@ -9,6 +9,7 @@
|
||||
#include "prototypes.h"
|
||||
#include "../libsubid/subid.h"
|
||||
#include "shadowlog_internal.h"
|
||||
+#include "shadowlog.h"
|
||||
|
||||
#define NSSWITCH "/etc/nsswitch.conf"
|
||||
|
||||
@@ -42,6 +43,7 @@ void nss_init(const char *nsswitch_path) {
|
||||
FILE *nssfp = NULL;
|
||||
char *line = NULL, *p, *token, *saveptr;
|
||||
size_t len = 0;
|
||||
+ FILE *shadow_logfd = log_get_logfd();
|
||||
|
||||
if (atomic_flag_test_and_set(&nss_init_started)) {
|
||||
// Another thread has started nss_init, wait for it to complete
|
||||
@@ -57,7 +59,7 @@ void nss_init(const char *nsswitch_path) {
|
||||
// subid: files
|
||||
nssfp = fopen(nsswitch_path, "r");
|
||||
if (!nssfp) {
|
||||
- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path);
|
||||
+ fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
|
||||
atomic_store(&nss_init_completed, true);
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
/*
|
||||
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
|
||||
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
||||
* Copyright (c) 2000 - 2006, Tomasz Kłoczko
|
||||
* Copyright (c) 2007 - 2011, Nicolas François
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the copyright holders or contributors may not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
<!--
|
||||
Copyright (c) 1991 - 1993, Julianne Frances Haugh
|
||||
Copyright (c) 1991 - 1993, Chip Rosenthal
|
||||
Copyright (c) 2007 - 2009, Nicolas François
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. The name of the copyright holders or contributors may not be used to
|
||||
endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
-->
|
||||
<varlistentry>
|
||||
<term><option>HOME_MODE</option> (number)</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The mode for new home directories. If not specified,
|
||||
the <option>UMASK</option> is used to create the mode.
|
||||
</para>
|
||||
<para>
|
||||
<command>useradd</command> and <command>newusers</command> use this
|
||||
to set the mode of the home directory they create.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
|
@ -1,12 +1,126 @@
|
|||
#
|
||||
# Please note that the parameters in this configuration file control the
|
||||
# behavior of the tools from the shadow-utils component. None of these
|
||||
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
||||
# passwd command) should therefore be configured elsewhere. Refer to
|
||||
# /etc/pam.d/system-auth for more information.
|
||||
#
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
|
||||
# pam_unix(8) enforces a 2s delay)
|
||||
#
|
||||
#FAIL_DELAY 3
|
||||
|
||||
# Currently FAILLOG_ENAB is not supported
|
||||
|
||||
#
|
||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
#
|
||||
#LOG_UNKFAIL_ENAB no
|
||||
|
||||
# Currently LOG_OK_LOGINS is not supported
|
||||
|
||||
# Currently LASTLOG_ENAB is not supported
|
||||
|
||||
#
|
||||
# Limit the highest user ID number for which the lastlog entries should
|
||||
# be updated.
|
||||
#
|
||||
# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
||||
# lastlog entries.
|
||||
#
|
||||
#LASTLOG_UID_MAX
|
||||
|
||||
# Currently MAIL_CHECK_ENAB is not supported
|
||||
|
||||
# Currently OBSCURE_CHECKS_ENAB is not supported
|
||||
|
||||
# Currently PORTTIME_CHECKS_ENAB is not supported
|
||||
|
||||
# Currently QUOTAS_ENAB is not supported
|
||||
|
||||
# Currently SYSLOG_SU_ENAB is not supported
|
||||
|
||||
#
|
||||
# Enable "syslog" logging of newgrp(1) and sg(1) activity.
|
||||
#
|
||||
#SYSLOG_SG_ENAB yes
|
||||
|
||||
# Currently CONSOLE is not supported
|
||||
|
||||
# Currently SULOG_FILE is not supported
|
||||
|
||||
# Currently MOTD_FILE is not supported
|
||||
|
||||
# Currently ISSUE_FILE is not supported
|
||||
|
||||
# Currently TTYTYPE_FILE is not supported
|
||||
|
||||
# Currently FTMP_FILE is not supported
|
||||
|
||||
# Currently NOLOGINS_FILE is not supported
|
||||
|
||||
# Currently SU_NAME is not supported
|
||||
|
||||
# *REQUIRED*
|
||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
||||
# QMAIL_DIR is for Qmail
|
||||
#
|
||||
#QMAIL_DIR Maildir
|
||||
MAIL_DIR /var/spool/mail
|
||||
#MAIL_FILE .mail
|
||||
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
#HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
# Currently ENV_TZ is not supported
|
||||
|
||||
# Currently ENV_HZ is not supported
|
||||
|
||||
#
|
||||
# The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
#ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
#ENV_PATH PATH=/bin:/usr/bin
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
#
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
# If you have a write(1) program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP as the number of such group
|
||||
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
||||
# set TTYPERM to either 622 or 600.
|
||||
#
|
||||
#TTYGROUP tty
|
||||
#TTYPERM 0600
|
||||
|
||||
# Currently ERASECHAR, KILLCHAR and ULIMIT are not supported
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories if HOME_MODE is not set.
|
||||
# 022 is the default value, but 027, or even 077, could be considered
|
||||
# for increased privacy. There is no One True Answer here: each sysadmin
|
||||
# must make up their mind.
|
||||
UMASK 022
|
||||
|
||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
||||
HOME_MODE 0700
|
||||
|
||||
# Password aging controls:
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
|
@ -16,20 +130,132 @@ MAIL_DIR /var/spool/mail
|
|||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
PASS_MIN_LEN 5
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
#
|
||||
UID_MIN 500
|
||||
UID_MAX 60000
|
||||
# Currently PASS_MIN_LEN is not supported
|
||||
|
||||
# Currently SU_WHEEL_ONLY is not supported
|
||||
|
||||
# Currently CRACKLIB_DICTPATH is not supported
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
GID_MIN 500
|
||||
GID_MAX 60000
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
SYS_UID_MIN 201
|
||||
SYS_UID_MAX 999
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
SUB_UID_COUNT 65536
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
SYS_GID_MIN 201
|
||||
SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
SUB_GID_COUNT 65536
|
||||
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
#
|
||||
#LOGIN_RETRIES 3
|
||||
|
||||
#
|
||||
# Max time in seconds for login(1)
|
||||
#
|
||||
#LOGIN_TIMEOUT 60
|
||||
|
||||
# Currently PASS_CHANGE_TRIES is not supported
|
||||
|
||||
# Currently PASS_ALWAYS_WARN is not supported
|
||||
|
||||
# Currently PASS_MAX_LEN is not supported
|
||||
|
||||
# Currently CHFN_AUTH is not supported
|
||||
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
#
|
||||
#CHFN_RESTRICT rwh
|
||||
|
||||
# Currently LOGIN_STRING is not supported
|
||||
|
||||
# Currently MD5_CRYPT_ENAB is not supported
|
||||
|
||||
#
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
|
||||
# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
|
||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||
#
|
||||
ENCRYPT_METHOD YESCRYPT
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
# However, more CPU resources will be needed to authenticate users if
|
||||
# this value is increased.
|
||||
#
|
||||
# If not specified, the libc will choose the default number of rounds (5000).
|
||||
# The values must be within the 1000-999999999 range.
|
||||
#
|
||||
#SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
# Currently SHA_CRYPT_MIN_ROUNDS is not supported
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to BCRYPT.
|
||||
#
|
||||
# Define the number of BCRYPT rounds.
|
||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
# However, more CPU resources will be needed to authenticate users if
|
||||
# this value is increased.
|
||||
#
|
||||
# If not specified, 13 rounds will be attempted.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
#BCRYPT_MIN_ROUNDS 13
|
||||
#BCRYPT_MAX_ROUNDS 31
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to YESCRYPT.
|
||||
#
|
||||
# Define the YESCRYPT cost factor.
|
||||
# With a higher cost factor, it is more difficult to brute-force the password.
|
||||
# However, more CPU time and more memory will be needed to authenticate users
|
||||
# if this value is increased.
|
||||
#
|
||||
# If not specified, a cost factor of 5 will be used.
|
||||
# The value must be within the 1-11 range.
|
||||
#
|
||||
#YESCRYPT_COST_FACTOR 5
|
||||
|
||||
# Currently CONSOLE_GROUPS is not supported
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default is yes.
|
||||
#
|
||||
#DEFAULT_HOME yes
|
||||
|
||||
# Currently ENVIRON_FILE is not supported
|
||||
|
||||
#
|
||||
# If defined, this command is run when removing a user.
|
||||
|
@ -39,20 +265,41 @@ GID_MAX 60000
|
|||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
# If useradd should create home directories for users by default
|
||||
# On RH systems, we do. This option is overridden with the -m flag on
|
||||
# useradd command line.
|
||||
#
|
||||
CREATE_HOME yes
|
||||
|
||||
# The permission mask is initialized to this value. If not specified,
|
||||
# the permission mask will be initialized to 022.
|
||||
UMASK 077
|
||||
|
||||
# This enables userdel to remove user groups if no members exist.
|
||||
# Enables userdel(8) to remove user groups if no members exist.
|
||||
#
|
||||
USERGROUPS_ENAB yes
|
||||
|
||||
# Use SHA512 to encrypt password.
|
||||
ENCRYPT_METHOD SHA512
|
||||
#
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
# groups never have more than this number of users on one line.
|
||||
# This permits to support split groups (groups split into multiple lines,
|
||||
# with the same group ID, to avoid limitation of the line length in the
|
||||
# group file).
|
||||
#
|
||||
# 0 is the default value and disables this feature.
|
||||
#
|
||||
#MAX_MEMBERS_PER_GROUP 0
|
||||
|
||||
#
|
||||
# If useradd(8) should create home directories for users by default (non
|
||||
# system users only).
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
#
|
||||
CREATE_HOME yes
|
||||
|
||||
#
|
||||
# Force use shadow, even if shadow passwd & shadow group files are
|
||||
# missing.
|
||||
#
|
||||
#FORCE_SHADOW yes
|
||||
|
||||
#
|
||||
# Select the HMAC cryptography algorithm.
|
||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||
# authentication code.
|
||||
#
|
||||
# Note: It is recommended to check hmac(3) to see the possible algorithms
|
||||
# that are available in your system.
|
||||
#
|
||||
HMAC_CRYPTO_ALGO SHA512
|
||||
|
|
|
@ -1,159 +1,262 @@
|
|||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.1.4.2
|
||||
Release: 2%{?dist}
|
||||
Version: 4.11.1
|
||||
Release: 4%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
|
||||
Source1: shadow-utils.login.defs
|
||||
Source2: shadow-utils.useradd
|
||||
Patch0: shadow-4.1.4.2-redhat.patch
|
||||
Patch1: shadow-4.1.4.1-goodname.patch
|
||||
Patch2: shadow-4.1.4.2-leak.patch
|
||||
Patch3: shadow-4.1.4.2-fixes.patch
|
||||
License: BSD and GPLv2+
|
||||
Group: System Environment/Base
|
||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||
BuildRequires: audit-libs-devel >= 1.6.5
|
||||
#BuildRequires: autoconf, automake, libtool, gettext-devel
|
||||
Requires: libselinux >= 1.25.2-1
|
||||
URL: https://github.com/shadow-maint/shadow
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
|
||||
Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source2: shadow-utils.useradd
|
||||
Source3: shadow-utils.login.defs
|
||||
Source4: shadow-bsd.txt
|
||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||
Source6: shadow-utils.HOME_MODE.xml
|
||||
|
||||
### Globals ###
|
||||
%global includesubiddir %{_includedir}/shadow
|
||||
|
||||
### Patches ###
|
||||
# Misc small changes - most probably non-upstreamable
|
||||
Patch0: shadow-4.11.1-redhat.patch
|
||||
# Be more lenient with acceptable user/group names - non upstreamable
|
||||
Patch1: shadow-4.8-goodname.patch
|
||||
# SElinux related - upstreamability unknown
|
||||
Patch3: shadow-4.9-default-range.patch
|
||||
# Misc manual page changes - non-upstreamable
|
||||
Patch4: shadow-4.9-manfix.patch
|
||||
# Date parsing improvement - could be upstreamed
|
||||
Patch5: shadow-4.2.1-date-parsing.patch
|
||||
# Additional error message - could be upstreamed
|
||||
Patch6: shadow-4.6-move-home.patch
|
||||
# Audit message changes - upstreamability unknown
|
||||
Patch7: shadow-4.11.1-audit-update.patch
|
||||
# Changes related to password unlocking - could be upstreamed
|
||||
Patch8: shadow-4.5-usermod-unlock.patch
|
||||
# Additional SElinux related changes - upstreamability unknown
|
||||
Patch9: shadow-4.8-selinux-perms.patch
|
||||
# Handle NULL return from *time funcs - upstreamable
|
||||
Patch10: shadow-4.11.1-null-tm.patch
|
||||
# Handle /etc/passwd corruption - could be upstreamed
|
||||
Patch11: shadow-4.8-long-entry.patch
|
||||
# Limit uid/gid allocation to non-zero - could be upstreamed
|
||||
Patch12: shadow-4.6-sysugid-min-limit.patch
|
||||
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
|
||||
Patch13: shadow-4.8-ignore-login-prompt.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/e101219ad71de11da3fdd1b3ec2620fd1a97b92c
|
||||
Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92
|
||||
Patch15: shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch
|
||||
|
||||
### Dependencies ###
|
||||
Requires: audit-libs >= 1.6.5
|
||||
Requires: libselinux >= 1.25.2-1
|
||||
Requires: setup
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
### Build Dependencies ###
|
||||
BuildRequires: audit-libs-devel >= 1.6.5
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: bison
|
||||
BuildRequires: docbook-dtds
|
||||
BuildRequires: docbook-style-xsl
|
||||
BuildRequires: flex
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: itstool
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: make
|
||||
|
||||
### Provides ###
|
||||
Provides: shadow = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description
|
||||
The shadow-utils package includes the necessary programs for
|
||||
converting UNIX password files to the shadow password format, plus
|
||||
programs for managing user and group accounts. The pwconv command
|
||||
converts passwords to the shadow password format. The pwunconv command
|
||||
unconverts shadow passwords and generates an npasswd file (a standard
|
||||
unconverts shadow passwords and generates a passwd file (a standard
|
||||
UNIX password file). The pwck command checks the integrity of password
|
||||
and shadow files. The lastlog command prints out the last login times
|
||||
for all users. The useradd, userdel, and usermod commands are used for
|
||||
managing user accounts. The groupadd, groupdel, and groupmod commands
|
||||
are used for managing group accounts.
|
||||
|
||||
|
||||
### Subpackages ###
|
||||
%package subid
|
||||
Summary: A library to manage subordinate uid and gid ranges
|
||||
License: BSD and GPLv2+
|
||||
|
||||
%description subid
|
||||
Utility library that provides a way to manage subid ranges.
|
||||
|
||||
|
||||
%package subid-devel
|
||||
Summary: Development package for shadow-utils-subid
|
||||
License: BSD and GPLv2+
|
||||
Requires: shadow-utils-subid = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description subid-devel
|
||||
Development files for shadow-utils-subid.
|
||||
|
||||
%prep
|
||||
%setup -q -n shadow-%{version}
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch1 -p1 -b .goodname
|
||||
%patch2 -p1 -b .leak
|
||||
%patch3 -p1 -b .fixes
|
||||
%patch3 -p1 -b .default-range
|
||||
%patch4 -p1 -b .manfix
|
||||
%patch5 -p1 -b .date-parsing
|
||||
%patch6 -p1 -b .move-home
|
||||
%patch7 -p1 -b .audit-update
|
||||
%patch8 -p1 -b .unlock
|
||||
%patch9 -p1 -b .selinux-perms
|
||||
%patch10 -p1 -b .null-tm
|
||||
%patch11 -p1 -b .long-entry
|
||||
%patch12 -p1 -b .sysugid-min-limit
|
||||
%patch13 -p1 -b .login-prompt
|
||||
%patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
|
||||
%patch15 -p1 -b .useradd-modify-check-ID-range-for-system-users
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
|
||||
#rm po/*.gmo
|
||||
#rm po/stamp-po
|
||||
#aclocal
|
||||
#libtoolize --force
|
||||
#automake -a
|
||||
#autoconf
|
||||
cp -a %{SOURCE4} %{SOURCE5} .
|
||||
cp -a %{SOURCE6} man/login.defs.d/HOME_MODE.xml
|
||||
|
||||
# Force regeneration of getdate.c
|
||||
rm libmisc/getdate.c
|
||||
|
||||
%build
|
||||
%ifarch sparc64
|
||||
#sparc64 need big PIE
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
|
||||
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
||||
%else
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fpie"
|
||||
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
||||
%endif
|
||||
|
||||
autoreconf
|
||||
%configure \
|
||||
--enable-shadowgrp \
|
||||
--enable-man \
|
||||
--with-audit \
|
||||
--with-sha-crypt \
|
||||
--with-bcrypt \
|
||||
--with-yescrypt \
|
||||
--with-selinux \
|
||||
--without-libcrack \
|
||||
--without-libpam \
|
||||
--disable-shared
|
||||
make
|
||||
--enable-shared \
|
||||
--with-group-name-max-length=32
|
||||
%make_build
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default
|
||||
install -p -c -m 0644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
|
||||
install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
|
||||
%make_install gnulocaledir=$RPM_BUILD_ROOT%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/default
|
||||
install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/login.defs
|
||||
install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/default/useradd
|
||||
|
||||
|
||||
ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
|
||||
#ln -s %{_mandir}/man8/useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
|
||||
ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
|
||||
for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do
|
||||
ln -s useradd.8 $RPM_BUILD_ROOT%{_mandir}/man8/adduser.8
|
||||
for subdir in $RPM_BUILD_ROOT%{_mandir}/{??,??_??,??_??.*}/man* ; do
|
||||
test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8
|
||||
done
|
||||
|
||||
# Remove binaries we don't use.
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/chfn
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/chsh
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/expiry
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/groups
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/login
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/passwd
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/su
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chfn.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chsh.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chsh.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/expiry.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/expiry.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/groups.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/groups.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/login.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/login.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/passwd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/passwd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/limits.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/limits.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/login.access.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/login.access.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/porttime.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/porttime.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/chfn
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/chsh
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/expiry
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/groups
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/login
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/passwd
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/su
|
||||
rm $RPM_BUILD_ROOT%{_bindir}/faillog
|
||||
rm $RPM_BUILD_ROOT%{_sysconfdir}/login.access
|
||||
rm $RPM_BUILD_ROOT%{_sysconfdir}/limits
|
||||
rm $RPM_BUILD_ROOT%{_sbindir}/logoutd
|
||||
rm $RPM_BUILD_ROOT%{_sbindir}/nologin
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/chfn.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/chfn.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/chsh.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/chsh.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/expiry.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/expiry.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/groups.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/groups.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/login.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/login.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/passwd.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/passwd.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man1/su.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man1/su.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man5/limits.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man5/limits.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man5/login.access.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man5/login.access.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man5/passwd.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man5/passwd.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man5/porttime.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man5/porttime.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man5/suauth.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man5/suauth.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man5/faillog.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man5/faillog.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man8/faillog.*
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/*/man8/faillog.*
|
||||
|
||||
%find_lang shadow
|
||||
find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
|
||||
%find_lang shadow
|
||||
for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
||||
dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
|
||||
lang=$(basename $dir)
|
||||
echo "%%lang($lang) $dir" >> shadow.lang
|
||||
echo "%%lang($lang) $dir/man*" >> shadow.lang
|
||||
# echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||
# echo "%%lang($lang) $dir" >> shadow.lang
|
||||
# echo "%%lang($lang) $dir/man*" >> shadow.lang
|
||||
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||
done
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
# Move header files to its own folder
|
||||
echo $(ls)
|
||||
mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
|
||||
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
|
||||
|
||||
# Remove .la and .a files created by libsubid
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
|
||||
|
||||
%files -f shadow.lang
|
||||
%defattr(-,root,root)
|
||||
%doc NEWS doc/HOWTO README
|
||||
%dir %{_sysconfdir}/default
|
||||
%license gpl-2.0.txt shadow-bsd.txt
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/login.defs
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
|
||||
%{_bindir}/sg
|
||||
%{_bindir}/chage
|
||||
%{_bindir}/faillog
|
||||
%{_bindir}/gpasswd
|
||||
%attr(4755,root,root) %{_bindir}/chage
|
||||
%attr(4755,root,root) %{_bindir}/gpasswd
|
||||
%{_bindir}/lastlog
|
||||
%{_bindir}/newgrp
|
||||
%attr(4755,root,root) %{_bindir}/newgrp
|
||||
%attr(0755,root,root) %caps(cap_setgid=ep) %{_bindir}/newgidmap
|
||||
%attr(0755,root,root) %caps(cap_setuid=ep) %{_bindir}/newuidmap
|
||||
%{_sbindir}/adduser
|
||||
%attr(0750,root,root) %{_sbindir}/user*
|
||||
%attr(0750,root,root) %{_sbindir}/group*
|
||||
%attr(0755,root,root) %{_sbindir}/user*
|
||||
%attr(0755,root,root) %{_sbindir}/group*
|
||||
%{_sbindir}/grpck
|
||||
%{_sbindir}/pwck
|
||||
%{_sbindir}/*conv
|
||||
%{_sbindir}/chpasswd
|
||||
%{_sbindir}/chgpasswd
|
||||
%{_sbindir}/newusers
|
||||
%{_sbindir}/vipw
|
||||
%{_sbindir}/vigr
|
||||
|
@ -161,25 +264,508 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man1/gpasswd.1*
|
||||
%{_mandir}/man1/sg.1*
|
||||
%{_mandir}/man1/newgrp.1*
|
||||
%{_mandir}/man1/newgidmap.1*
|
||||
%{_mandir}/man1/newuidmap.1*
|
||||
%{_mandir}/man3/shadow.3*
|
||||
%{_mandir}/man5/shadow.5*
|
||||
%{_mandir}/man5/login.defs.5*
|
||||
%{_mandir}/man5/gshadow.5*
|
||||
%{_mandir}/man5/faillog.5*
|
||||
%{_mandir}/man5/subuid.5*
|
||||
%{_mandir}/man5/subgid.5*
|
||||
%{_mandir}/man8/adduser.8*
|
||||
%{_mandir}/man8/group*.8*
|
||||
%{_mandir}/man8/user*.8*
|
||||
%{_mandir}/man8/pwck.8*
|
||||
%{_mandir}/man8/grpck.8*
|
||||
%{_mandir}/man8/chpasswd.8*
|
||||
%{_mandir}/man8/chgpasswd.8*
|
||||
%{_mandir}/man8/newusers.8*
|
||||
%{_mandir}/man8/*conv.8*
|
||||
%{_mandir}/man8/lastlog.8*
|
||||
%{_mandir}/man8/faillog.8*
|
||||
%{_mandir}/man8/vipw.8*
|
||||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%files subid
|
||||
%{_libdir}/libsubid.so.*
|
||||
%{_bindir}/getsubids
|
||||
%{_mandir}/man1/getsubids.1*
|
||||
|
||||
%files subid-devel
|
||||
%{includesubiddir}/subid.h
|
||||
%{_libdir}/libsubid.so
|
||||
|
||||
%changelog
|
||||
* Mon Aug 1 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-4
|
||||
- useradd: modify check ID range for system users. Resolves: #2093692
|
||||
|
||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.11.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Thu Feb 10 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-2
|
||||
- Fix explicit subid requirement for subid-devel
|
||||
|
||||
* Tue Jan 25 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-1
|
||||
- Rebase to version 4.11.1 (#2034038)
|
||||
- Fix release sources
|
||||
- Add explicit subid requirement for subid-devel
|
||||
|
||||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.9-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Mon Jan 17 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-9
|
||||
- nss: get shadow_logfd with log_get_logfd() (#2038811)
|
||||
- lib: make shadow_logfd and Prog not extern
|
||||
- lib: rename Prog to shadow_progname
|
||||
- lib: provide default values for shadow_progname
|
||||
- libsubid: use log_set_progname in subid_init
|
||||
|
||||
* Fri Nov 19 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-8
|
||||
- getsubids: provide system binary and man page (#1980780)
|
||||
- pwck: fix segfault when calling fprintf() (#2021339)
|
||||
- newgrp: fix segmentation fault (#2019553)
|
||||
- groupdel: fix SIGSEGV when passwd does not exist (#1986111)
|
||||
|
||||
* Fri Nov 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-7
|
||||
- useradd: change SELinux labels for home files (#2022658)
|
||||
|
||||
* Thu Nov 4 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-6
|
||||
- useradd: revert fix memleak of grp (#2018697)
|
||||
|
||||
* Wed Oct 27 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-5
|
||||
- useradd: generate home and mail directories with selinux user attribute
|
||||
|
||||
* Thu Sep 23 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-4
|
||||
- login.defs: include HMAC_CRYPTO_ALGO key
|
||||
- Clean spec file: organize dependencies and move License location
|
||||
|
||||
* Tue Aug 17 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-3
|
||||
- libmisc: fix default value in SHA_get_salt_rounds()
|
||||
|
||||
* Mon Aug 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-2
|
||||
- useradd: avoid generating an empty subid range (#1990653)
|
||||
|
||||
* Wed Aug 4 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-1
|
||||
- Rebase to version 4.9
|
||||
- usermod: allow all group types with -G option (#1975327)
|
||||
- Clean spec file
|
||||
|
||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.8.1-20
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Wed Jul 14 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-19
|
||||
- Add patch to fix 'fread returns element count, not element size'
|
||||
|
||||
* Wed Jul 14 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-18
|
||||
- Fix regression issues detected in rhbz#667593 and rhbz#672510
|
||||
|
||||
* Mon Jul 12 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-17
|
||||
- Enable bcrypt support, as libxcrypt supports it well
|
||||
|
||||
* Sun Jul 04 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-16
|
||||
- Add a patch to obtain random bytes using getentropy()
|
||||
- Update shadow-4.8-crypt_h.patch with the upstreamed version
|
||||
- Add a patch to make use of crypt_gensalt() from libxcrypt
|
||||
|
||||
* Tue Jun 29 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-15
|
||||
- useradd: free correct pointer (#1976809)
|
||||
|
||||
* Mon Jun 28 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-14
|
||||
- Add a patch to fix the used prefix for the bcrypt hash method
|
||||
- Add a patch to cleanup the code in libmisc/salt.c
|
||||
- Add a patch adding some clarifying comments in libmisc/salt.c
|
||||
- Add a patch to obtain random bytes from /dev/urandom
|
||||
|
||||
* Mon Jun 28 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-13
|
||||
- Covscan fixes
|
||||
|
||||
* Mon Jun 21 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-12
|
||||
- Backport support for yescrypt hash method
|
||||
- Add a patch to fix the parameter type of YESCRYPT_salt_cost()
|
||||
|
||||
* Mon Jun 21 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-11
|
||||
- libsubid: don't print error messages on stderr by default
|
||||
- libsubid: libsubid_init return false if out of memory
|
||||
- useradd: fix SUB_UID_COUNT=0
|
||||
- libsubid: don't return owner in list_owner_ranges API call
|
||||
- libsubid: libsubid_init don't print messages on error
|
||||
- libsubid: fix newusers when nss provides subids
|
||||
- man: clarify subid delegation
|
||||
- libsubid: make shadow_logfd not extern
|
||||
|
||||
* Thu May 6 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-10
|
||||
- man: mention NSS in new[ug]idmap manpages
|
||||
- libsubid: move development header to shadow folder
|
||||
|
||||
* Fri Apr 16 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-9
|
||||
- libsubid: creation and nsswitch support
|
||||
- Creation of subid and subid-devel subpackages
|
||||
|
||||
* Mon Mar 29 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-8
|
||||
- man: include lastlog file caveat (#951564)
|
||||
- Upstream links to several patches
|
||||
- Spec file cleanup by Robert Scheck
|
||||
- Add BuildRequires: make by Tom Stellard
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.8.1-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Mon Nov 9 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-6
|
||||
- commonio: force lock file sync (#1862056)
|
||||
|
||||
* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 2:4.8.1-5
|
||||
- Rebuild with libsemanage.so.2
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.8.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Thu May 14 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-3
|
||||
- check only local groups when adding new supplementary groups to a user (#1727236)
|
||||
|
||||
* Tue Mar 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-2
|
||||
- useradd: clarify the useradd -d parameter behavior in man page
|
||||
|
||||
* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-1
|
||||
- updated upstream to 4.8.1
|
||||
|
||||
* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-5
|
||||
- synchronized login.defs with upstream file (#1261099 and #1807957)
|
||||
|
||||
* Mon Feb 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-4
|
||||
- fix useradd: doesn't generate spool mail with the proper SELinux user identity
|
||||
(#1690527)
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.8-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jan 16 2020 Tomáš Mráz <tmraz@redhat.com> - 2:4.8-2
|
||||
- make the invalid shell check into warning
|
||||
|
||||
* Mon Jan 13 2020 Tomáš Mráz <tmraz@redhat.com> - 2:4.8-1
|
||||
- update to current upstream release 4.8
|
||||
|
||||
* Mon Sep 2 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-16
|
||||
- fix SELinux related problem in chpasswd/chgpasswd when run with -R
|
||||
(patch by Petr Lautrbach) (#1747215)
|
||||
|
||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.6-15
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Jun 7 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-14
|
||||
- minor auditing fixes
|
||||
|
||||
* Fri May 3 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-13
|
||||
- use lckpwdf() again to disable concurrent edits of databases by
|
||||
other applications
|
||||
|
||||
* Tue Apr 2 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-12
|
||||
- force regeneration of getdate.c otherwise the date parsing fix
|
||||
is not applied
|
||||
|
||||
* Fri Mar 22 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-11
|
||||
- clarify chage manual page in regards to shadow and passwd
|
||||
inconsistency (#1686440)
|
||||
|
||||
* Thu Mar 21 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-10
|
||||
- Ignore LOGIN_PLAIN_PROMPT variable in login.defs
|
||||
|
||||
* Thu Mar 7 2019 Tim Landscheidt <tim@tim-landscheidt.de> - 2:4.6-9
|
||||
- Remove obsolete requirements for post/pre scriptlets
|
||||
|
||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.6-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2:4.6-7
|
||||
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||
|
||||
* Tue Dec 18 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-6
|
||||
- usermod: guard against unsafe change of ownership of
|
||||
special home directories
|
||||
|
||||
* Mon Nov 19 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-5
|
||||
- use itstool instead of xml2po
|
||||
|
||||
* Tue Nov 6 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-4
|
||||
- use cap_setxid file capabilities for newxidmap instead of making them setuid
|
||||
- limit the SYS_U/GID_MIN value to 1 as the algorithm does not work with 0
|
||||
and the 0 is always used by root anyway
|
||||
- manual page improvements
|
||||
|
||||
* Wed Oct 10 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-3
|
||||
- fix some issues from Coverity scan
|
||||
- flush sssd caches - patch by Jakub Hrozek
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
|
||||
- update to current upstream release 4.6
|
||||
|
||||
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
|
||||
- Raise limit for passwd and shadow entry length but also prevent
|
||||
writing longer entries (#1422497)
|
||||
|
||||
* Tue Feb 06 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-9
|
||||
- Add patch to include crypt.h, if present
|
||||
- Use %%make_{build,install} macros
|
||||
- Refresh other patches for proper alignment
|
||||
|
||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-8
|
||||
- Rebuilt for switch to libxcrypt
|
||||
|
||||
* Mon Nov 6 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-7
|
||||
- fix regression caused by the userdel-chroot patch (#1509978)
|
||||
|
||||
* Thu Nov 2 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-6
|
||||
- fix userdel in chroot (#1316168)
|
||||
- add useful chage -E example to chage manpage
|
||||
|
||||
* Fri Sep 15 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-5
|
||||
- do not allow "." and ".." user names
|
||||
|
||||
* Mon Aug 14 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-4
|
||||
- allow switching to secondary group without checking the membership
|
||||
explicitly (patch from upstream)
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Jul 21 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-1
|
||||
- update to current upstream release 4.5
|
||||
|
||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.3.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Aug 25 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-2
|
||||
- fix regression in useradd - not processing defaults properly (#1369979)
|
||||
|
||||
* Tue Aug 23 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-1
|
||||
- new upstream release fixing low impact security issue
|
||||
|
||||
* Tue Jun 14 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-11
|
||||
- guard for localtime() and gmtime() failure
|
||||
|
||||
* Mon May 30 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-10
|
||||
- chpasswd, chgpasswd: open audit when starting
|
||||
|
||||
* Thu May 26 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-9
|
||||
- chgpasswd: do not remove it
|
||||
- chpasswd, chgpasswd: add selinux_check_access call (#1336902)
|
||||
|
||||
* Thu Mar 17 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-8
|
||||
- userdel: fix userdel -f with /etc/subuid present (#1316168)
|
||||
|
||||
* Tue Feb 9 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-7
|
||||
- usermod: properly return error during password manipulation
|
||||
|
||||
* Wed Feb 3 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-6
|
||||
- add possibility to clear or set lastlog record for user via lastlog
|
||||
|
||||
* Fri Jan 8 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-5
|
||||
- do not use obscure permissions for binaries
|
||||
- remove unused commands from login.defs(5) cross-reference
|
||||
|
||||
* Fri Nov 6 2015 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-4
|
||||
- document that groupmems is not setuid root
|
||||
- document that expiration of the password after inactivity period
|
||||
locks the user account completely
|
||||
|
||||
* Thu Aug 27 2015 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-3
|
||||
- unlock also passwords locked with passwd -l
|
||||
- prevent breaking user entry by entering a password containing colon
|
||||
- fix possible DoS when locking the database files for update
|
||||
- properly use login.defs from the chroot in useradd
|
||||
|
||||
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:4.2.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Wed Nov 26 2014 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-1
|
||||
- new upstream release with support for subordinate uids and gids
|
||||
|
||||
* Tue Nov 25 2014 Tomáš Mráz <tmraz@redhat.com> - 2:4.1.5.1-22
|
||||
- small adjustments to the audit patch
|
||||
|
||||
* Fri Oct 17 2014 Tomáš Mráz <tmraz@redhat.com> - 2:4.1.5.1-21
|
||||
- update auditing to cover more events and fix some incorrect audit
|
||||
records - patch by Steve Grubb (#1151580)
|
||||
- apply the same new allocation algorithm to uids as for gids
|
||||
|
||||
* Wed Sep 10 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-20
|
||||
- discard obsolete matchpathcon cache after semanage_commit()
|
||||
|
||||
* Tue Sep 9 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-19
|
||||
- disallow all-numeric user and group names (#1139318)
|
||||
|
||||
* Fri Aug 29 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-18
|
||||
- label the newly created home dir correctly (#1077809)
|
||||
- mention that chage -d 0 forces password change (#1135010)
|
||||
- improve date parsing and error detecting in chage
|
||||
- avoid full group database scanning in newgrp in most common case
|
||||
- report error if usermod asked for moving homedir and it does not exist
|
||||
|
||||
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:4.1.5.1-17
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Tue Aug 5 2014 Tom Callaway <spot@fedoraproject.org> - 2:4.1.5.1-16
|
||||
- fix license handling
|
||||
|
||||
* Mon Jul 14 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-15
|
||||
- revert the last change as it is not really needed
|
||||
|
||||
* Thu Jul 10 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-14
|
||||
- put system users and groups into /usr/lib/{passwd,group} if
|
||||
the files exist and SHADOW_USE_USRLIB environment variable is set
|
||||
Patch by Colin Walters
|
||||
|
||||
* Mon Jun 30 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-13
|
||||
- ignore getgrgid() errors for now
|
||||
|
||||
* Mon Jun 30 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-12
|
||||
- improve group allocation algorithm - patch by Stephen Gallager (#1089738)
|
||||
|
||||
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:4.1.5.1-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Wed Feb 12 2014 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-10
|
||||
- clean up login.defs manpage
|
||||
- properly document userdel -f behavior
|
||||
|
||||
* Fri Oct 18 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-9
|
||||
- document that the directory where user's home is created must exist
|
||||
|
||||
* Thu Jul 25 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-8
|
||||
- slightly more meaningful error messages if crypt() returns NULL (#988184)
|
||||
- explicit suid permissions
|
||||
|
||||
* Fri Jul 19 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-7
|
||||
- fix useradd man page bugs
|
||||
|
||||
* Fri Jun 14 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-6
|
||||
- report error to stdout when SELinux context for home directory
|
||||
cannot be determined (#973647)
|
||||
- audit the changing home directory owner (#885797)
|
||||
- do not set the default SELinux MLS range (#852676)
|
||||
|
||||
* Tue Mar 19 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-5
|
||||
- improve the failure syslog message in useradd (#830617)
|
||||
|
||||
* Wed Feb 20 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-4
|
||||
- keep the original context if matchpathcon() fails (#912399)
|
||||
|
||||
* Tue Jan 29 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-3
|
||||
- fix bugs in merge_group_entries()
|
||||
|
||||
* Fri Jan 11 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-2
|
||||
- /etc/default is owned by glibc-common now (#894194)
|
||||
|
||||
* Wed Sep 19 2012 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-1
|
||||
- new upstream version
|
||||
- use the original file permissions when creating backup (#853102)
|
||||
|
||||
* Wed Jul 25 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-5
|
||||
- make /etc/default/useradd world-readable (#835137)
|
||||
|
||||
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:4.1.5-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Mon Jun 18 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-3
|
||||
- pwconv/grpconv skipped 2nd of consecutive failures (#832995)
|
||||
|
||||
* Thu Mar 22 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-2
|
||||
- fix selinux context handling
|
||||
- reset selinux context on files copied from skel
|
||||
|
||||
* Mon Mar 19 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-1
|
||||
- upgrade
|
||||
|
||||
* Tue Feb 07 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-14
|
||||
- compile with PIE and RELRO flags (#784349)
|
||||
|
||||
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:4.1.4.3-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Tue Dec 20 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-12
|
||||
- fix leaks in .IDs patch (#734340)
|
||||
|
||||
* Wed Nov 16 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-11
|
||||
- free memory associated with SELinux security contexts
|
||||
|
||||
* Wed Nov 09 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-10
|
||||
- replace semanage call by library call
|
||||
- useradd man page (#739147)
|
||||
|
||||
* Tue Aug 02 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-9
|
||||
- man page adjustment (userdel -Z)
|
||||
|
||||
* Tue Aug 02 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-8
|
||||
- fixing semanage issue (#701355)
|
||||
|
||||
* Fri Jul 22 2011 Miloslav Trmač <mitr@redhat.com> - 2:4.1.4.3-7
|
||||
- Make sure /etc/login.defs is not changed on upgrades from Fedora 1[345].
|
||||
|
||||
* Wed Jun 29 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-6
|
||||
- man page fixes (#696213 #674878)
|
||||
|
||||
* Tue Jun 28 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-5
|
||||
- userdel option to remove Linux login <-> SELinux login mapping (#639900)
|
||||
- useradd special exit value if SELinux user mapping is invalid (#639975)
|
||||
- usermod special exit value if SELinux user mapping is invalid (#639976)
|
||||
|
||||
* Mon Jun 27 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-4
|
||||
- refer to PAM in /etc/login.defs (#629277)
|
||||
|
||||
* Mon Jun 06 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-3
|
||||
- fix shadow-4.1.4.2-underflow.patch
|
||||
|
||||
* Tue May 31 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-2
|
||||
- fix integer underflow in laslog (#706321)
|
||||
|
||||
* Fri May 20 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-1
|
||||
- upgrade
|
||||
- change UID/GID_MIN to #1000
|
||||
- fix find_new_uid/gid for big UID/GID_MAX
|
||||
|
||||
* Wed Feb 09 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-11
|
||||
- useradd man page (-m option)
|
||||
- create home directory on fs with noacl
|
||||
- remove faillog app (pam_tally.so is no longer shipped)
|
||||
Resolves: #523265, #622320
|
||||
|
||||
* Tue Feb 01 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-10
|
||||
- do not use gshadow functions from glibc, there is a bug
|
||||
in glibc sgetsgent(#674361)
|
||||
Resolves: #674234
|
||||
|
||||
* Wed Jan 05 2011 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-9
|
||||
- fix gshadow functions from shadow utils
|
||||
- make shadow utils use gshadow functions from glibc
|
||||
Resolves: #665780
|
||||
|
||||
* Tue Jul 20 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-8
|
||||
- fix pwck/grpck hang
|
||||
Resolves: #586322
|
||||
|
||||
* Mon Jun 14 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-7
|
||||
- fix integer underflow in faillog (#603683)
|
||||
- use preferred GID for reserved static IDs
|
||||
|
||||
* Thu Apr 29 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-6
|
||||
- preserve ACL's on files in /etc/skel
|
||||
Resolves: #513055
|
||||
|
||||
* Wed Apr 28 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-5
|
||||
- newusers man page more informative
|
||||
- userdel should not need to run semanage
|
||||
Resolves: #586330 #586408
|
||||
|
||||
* Thu Apr 01 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-4
|
||||
- fix man directories ownership (#569418)
|
||||
|
||||
* Fri Mar 26 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-3
|
||||
- max group name length set to 32 characters
|
||||
|
||||
* Wed Nov 18 2009 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-2
|
||||
- apply patches{1,2,3}
|
||||
- enable SHA512 in /etc/login.defs
|
||||
|
@ -300,11 +886,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Tue Jun 26 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-16
|
||||
- fix "CAVEATS" section of groupadd man page (#245590)
|
||||
|
||||
* Tue Jun 06 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-15
|
||||
* Wed Jun 06 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-15
|
||||
- fix infinitive loop if there are duplicate entries
|
||||
in /etc/group (#240915)
|
||||
|
||||
* Tue Jun 06 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-14
|
||||
* Wed Jun 06 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-14
|
||||
- do not run find_new_uid() twice and use getpwuid() to check
|
||||
UID uniqueness (#236871)
|
||||
|
||||
|
@ -319,7 +905,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
|
||||
* Wed Feb 28 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-10
|
||||
- spec file fixes to meet fedora standarts.
|
||||
- fix useless call of restorecon(). (#222159)
|
||||
- fix useless call of restorecon(). (#222159)
|
||||
|
||||
* Sun Jan 14 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-9
|
||||
- fix append option in usermod (#222540).
|
||||
|
@ -346,7 +932,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Fri Nov 03 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-2
|
||||
- improve audit logging (#211659)
|
||||
- improve "-l" option. Do not reset faillog if it's used (#213450).
|
||||
|
||||
|
||||
* Wed Nov 01 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-1
|
||||
- upgrade
|
||||
|
||||
|
@ -354,7 +940,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
- add dist-tag
|
||||
|
||||
* Wed Oct 04 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.17-6
|
||||
- fix regression. Permissions on user* group* binaries
|
||||
- fix regression. Permissions on user* group* binaries
|
||||
should be 0750, because of CAPP/LSPP certification
|
||||
- fix groupdel man page
|
||||
|
||||
|
@ -439,7 +1025,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
- audit support
|
||||
|
||||
* Sat Aug 27 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.12-1
|
||||
- upgrade
|
||||
- upgrade
|
||||
|
||||
* Sat Aug 13 2005 Dan Walsh <dwalsh@redhat.com> 2:4.0.11.1-5
|
||||
- Change to use new selinux api for selinux_check_passwd_access
|
||||
|
@ -453,11 +1039,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||
- fix useradd man page(#97131)
|
||||
|
||||
* Mon Aug 08 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.11.1-2
|
||||
- do not copy files from skel directory if home directory
|
||||
- do not copy files from skel directory if home directory
|
||||
already exist (#89591,#80242)
|
||||
|
||||
* Fri Aug 05 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.11.1-1
|
||||
- upgrade
|
||||
- upgrade
|
||||
|
||||
* Mon May 23 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.7-9
|
||||
- remove vigr binary
|
||||
|
@ -472,13 +1058,13 @@ rm -rf $RPM_BUILD_ROOT
|
|||
- fix chage -l option (#109499, #137498)
|
||||
|
||||
* Mon Apr 04 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.7-5
|
||||
- fix memory leak, and CPU spinning when grp_update() and
|
||||
- fix memory leak, and CPU spinning when grp_update() and
|
||||
duplicate group entries in /etc/group (#151484)
|
||||
|
||||
* Mon Mar 29 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.7-4
|
||||
* Tue Mar 29 2005 Peter Vrabec <pvrabec@redhat.com> 2:4.0.7-4
|
||||
- use newgrp binary
|
||||
- newgrp don't ask for password if user's default GID = group ID,
|
||||
ask for password if there is some in /etc/gshadow
|
||||
ask for password if there is some in /etc/gshadow
|
||||
and in /etc/group is 'x' (#149997)
|
||||
|
||||
* Mon Mar 14 2005 Peter Vrabec <pvrabec@redhat.com>
|
||||
|
@ -585,7 +1171,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Thu Sep 4 2003 Dan Walsh <dwalsh@redhat.com> 4.0.3-11.sel
|
||||
- build with SELinux support
|
||||
|
||||
* Fri Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 4.0.3-10
|
||||
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 4.0.3-10
|
||||
- Add SELinux support
|
||||
|
||||
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
||||
|
@ -768,7 +1354,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Tue Mar 23 1999 Preston Brown <pbrown@redhat.com>
|
||||
- edit out unused CHFN fields from login.defs.
|
||||
|
||||
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
|
||||
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
|
||||
- auto rebuild in the new build environment (release 7)
|
||||
|
||||
* Wed Jan 13 1999 Bill Nottingham <notting@redhat.com>
|
||||
|
@ -809,7 +1395,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Thu Nov 06 1997 Cristian Gafton <gafton@redhat.com>
|
||||
- added forgot lastlog command to the spec file
|
||||
|
||||
* Mon Oct 26 1997 Cristian Gafton <gafton@redhat.com>
|
||||
* Mon Oct 27 1997 Cristian Gafton <gafton@redhat.com>
|
||||
- obsoletes adduser
|
||||
|
||||
* Thu Oct 23 1997 Cristian Gafton <gafton@redhat.com>
|
||||
|
|
3
sources
3
sources
|
@ -1 +1,2 @@
|
|||
d593a9cab93c48ee0a6ba056db8c1997 shadow-4.1.4.2.tar.bz2
|
||||
SHA512 (shadow-4.11.1.tar.xz) = 12fbe4d6ac929ad3c21525ed0f1026b5b678ccec9762f2ec7e611d9c180934def506325f2835fb750dd30af035b592f827ff151cd6e4c805aaaf8e01425c279f
|
||||
SHA512 (shadow-4.11.1.tar.xz.asc) = 4594189678cc9bcc8831f62a5d42c605b085be4a3b540429d7c800f4304e2e8fe04358547917eb90c1513646fade7c714611bfdc98af7dec5321a3dc3e65c4fd
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
# Copyright (c) 2006 Red Hat, Inc. All rights reserved. This copyrighted material
|
||||
# is made available to anyone wishing to use, modify, copy, or
|
||||
# redistribute it subject to the terms and conditions of the GNU General
|
||||
# Public License v.2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# Author: Jakub Hrozek
|
||||
|
||||
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
|
||||
# Example Makefile for RHTS #
|
||||
# This example is geared towards a test for a specific package #
|
||||
# It does most of the work for you, but may require further coding #
|
||||
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
|
||||
|
||||
# The toplevel namespace within which the test lives.
|
||||
TOPLEVEL_NAMESPACE=CoreOS
|
||||
|
||||
# The name of the package under test:
|
||||
PACKAGE_NAME=shadow-utils
|
||||
|
||||
# The path of the test below the package:
|
||||
RELATIVE_PATH=sanity
|
||||
|
||||
# Version of the Test. Used with make tag.
|
||||
export TESTVERSION=1.1
|
||||
|
||||
# The combined namespace of the test.
|
||||
export TEST=/$(TOPLEVEL_NAMESPACE)/$(PACKAGE_NAME)/$(RELATIVE_PATH)
|
||||
|
||||
# A phony target is one that is not really the name of a file.
|
||||
# It is just a name for some commands to be executed when you
|
||||
# make an explicit request. There are two reasons to use a
|
||||
# phony target: to avoid a conflict with a file of the same
|
||||
# name, and to improve performance.
|
||||
.PHONY: all install download clean
|
||||
|
||||
# Executables to be built should be added here, they will be generated on the system under test.
|
||||
BUILT_FILES=
|
||||
|
||||
# Data files, .c files, scripts anything needed to either compile the test and/or run it.
|
||||
FILES=$(METADATA) Makefile PURPOSE sanity_test.py runtest.sh
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
chmod a+x ./sanity_test.py
|
||||
chmod a+x ./runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ *.rpm $(BUILT_FILES)
|
||||
|
||||
# Include Common Makefile
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
# Generate the testinfo.desc here:
|
||||
$(METADATA): Makefile
|
||||
@touch $(METADATA)
|
||||
@echo "Owner: Jakub Hrozek <jhrozek@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "License: GNU GPL" >> $(METADATA)
|
||||
@echo "Description: Basic sanity test for shadow-utils" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: $(PACKAGE_NAME)" >> $(METADATA)
|
||||
@echo "Requires: $(PACKAGE_NAME)" >> $(METADATA)
|
||||
@echo "Requires: python" >> $(METADATA)
|
||||
rhts-lint $(METADATA)
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
This is a basic sanity test for the shadow-utils package. It is implemented
|
||||
in python on top of the unittesting.py module.
|
||||
|
||||
Its purpose is to ensure that the binaries in the shadow-utils package behave
|
||||
as expected and its switches/options work correctly.
|
||||
|
||||
For the most part, every binary in the shadow-utils package is represented by
|
||||
a single class named Test<BinaryName>, i.e. TestUsermod etc. There are some
|
||||
exceptions, like TestUseraddWeirdNameTest though.
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
#!/bin/bash
|
||||
. /usr/bin/rhts-environment.sh
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
rlJournalStart
|
||||
rlFileBackup --clean /etc/default/useradd- /etc/default/useradd
|
||||
setenforce 0
|
||||
python sanity_test.py -v
|
||||
setenforce 1
|
||||
rlFileRestore
|
||||
|
||||
EXIT=$?
|
||||
if [[ $EXIT -eq 0 ]]; then
|
||||
RESULT="PASS"
|
||||
else
|
||||
RESULT="FAIL"
|
||||
fi
|
||||
|
||||
|
||||
rlJournalEnd
|
||||
|
||||
echo "Result: $RESULT"
|
||||
echo "Exit: $EXIT"
|
||||
report_result $TEST $RESULT $EXIT
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
- atomic
|
||||
tests:
|
||||
- sanity
|
||||
required_packages:
|
||||
- shadow-utils # sanity test needs shadow-utils
|
||||
- python # sanity test needs python
|
Loading…
Reference in New Issue