Rebased to 4.8.1

This commit is contained in:
ikerexxe 2020-03-17 18:18:50 +01:00
parent 7309a53c2a
commit b926b118d9
7 changed files with 159 additions and 142 deletions

2
.gitignore vendored
View File

@ -12,3 +12,5 @@ shadow-4.1.4.2.tar.bz2
/shadow-4.6.tar.xz.asc
/shadow-4.8.tar.xz
/shadow-4.8.tar.xz.asc
/shadow-4.8.1.tar.xz
/shadow-4.8.1.tar.xz.asc

View File

@ -1,30 +0,0 @@
diff -up shadow-4.8/src/useradd.c.invalid-shell shadow-4.8/src/useradd.c
--- shadow-4.8/src/useradd.c.invalid-shell 2020-01-16 08:47:13.841921106 +0100
+++ shadow-4.8/src/useradd.c 2020-01-16 08:57:26.338421901 +0100
@@ -1277,15 +1277,22 @@ static void process_flags (int argc, cha
if ( ( !VALID (optarg) )
|| ( ('\0' != optarg[0])
&& ('/' != optarg[0])
- && ('*' != optarg[0]) )
- || (stat(optarg, &st) != 0)
- || (S_ISDIR(st.st_mode))
- || (access(optarg, X_OK) != 0)) {
+ && ('*' != optarg[0]) )) {
fprintf (stderr,
_("%s: invalid shell '%s'\n"),
Prog, optarg);
exit (E_BAD_ARG);
}
+ if ( '\0' != optarg[0]
+ && '*' != optarg[0]
+ && strcmp(optarg, "/sbin/nologin") != 0
+ && ( stat(optarg, &st) != 0
+ || S_ISDIR(st.st_mode)
+ || access(optarg, X_OK) != 0)) {
+ fprintf (stderr,
+ _("%s: Warning: missing or non-executable shell '%s'\n"),
+ Prog, optarg);
+ }
user_shell = optarg;
def_shell = optarg;
sflg = true;

View File

@ -1,6 +1,6 @@
diff -up shadow-4.8/libmisc/audit_help.c.audit-update shadow-4.8/libmisc/audit_help.c
--- shadow-4.8/libmisc/audit_help.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/libmisc/audit_help.c 2020-01-13 10:15:51.802073378 +0100
diff -up shadow-4.8.1/libmisc/audit_help.c.audit-update shadow-4.8.1/libmisc/audit_help.c
--- shadow-4.8.1/libmisc/audit_help.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/libmisc/audit_help.c 2020-03-17 16:53:44.371943299 +0100
@@ -68,7 +68,7 @@ void audit_help_open (void)
* This function will log a message to the audit system using a predefined
* message format. Parameter usage is as follows:
@ -50,9 +50,9 @@ diff -up shadow-4.8/libmisc/audit_help.c.audit-update shadow-4.8/libmisc/audit_h
void audit_logger_message (const char *message, shadow_audit_result result)
{
if (audit_fd < 0) {
diff -up shadow-4.8/libmisc/cleanup_group.c.audit-update shadow-4.8/libmisc/cleanup_group.c
--- shadow-4.8/libmisc/cleanup_group.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/libmisc/cleanup_group.c 2020-01-13 10:15:51.802073378 +0100
diff -up shadow-4.8.1/libmisc/cleanup_group.c.audit-update shadow-4.8.1/libmisc/cleanup_group.c
--- shadow-4.8.1/libmisc/cleanup_group.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/libmisc/cleanup_group.c 2020-03-17 16:53:44.371943299 +0100
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
gr_dbname (),
info->action));
@ -131,9 +131,9 @@ diff -up shadow-4.8/libmisc/cleanup_group.c.audit-update shadow-4.8/libmisc/clea
SHADOW_AUDIT_FAILURE);
#endif
}
diff -up shadow-4.8/libmisc/cleanup_user.c.audit-update shadow-4.8/libmisc/cleanup_user.c
--- shadow-4.8/libmisc/cleanup_user.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/libmisc/cleanup_user.c 2020-01-13 10:15:51.802073378 +0100
diff -up shadow-4.8.1/libmisc/cleanup_user.c.audit-update shadow-4.8.1/libmisc/cleanup_user.c
--- shadow-4.8.1/libmisc/cleanup_user.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/libmisc/cleanup_user.c 2020-03-17 16:53:44.371943299 +0100
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
pw_dbname (),
info->action));
@ -181,9 +181,9 @@ diff -up shadow-4.8/libmisc/cleanup_user.c.audit-update shadow-4.8/libmisc/clean
SHADOW_AUDIT_FAILURE);
#endif
}
diff -up shadow-4.8/lib/prototypes.h.audit-update shadow-4.8/lib/prototypes.h
--- shadow-4.8/lib/prototypes.h.audit-update 2020-01-13 10:15:51.785073664 +0100
+++ shadow-4.8/lib/prototypes.h 2020-01-13 10:15:51.803073362 +0100
diff -up shadow-4.8.1/lib/prototypes.h.audit-update shadow-4.8.1/lib/prototypes.h
--- shadow-4.8.1/lib/prototypes.h.audit-update 2020-03-17 16:53:44.364943206 +0100
+++ shadow-4.8.1/lib/prototypes.h 2020-03-17 16:53:44.371943299 +0100
@@ -219,12 +219,21 @@ extern int audit_fd;
extern void audit_help_open (void);
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
@ -206,9 +206,9 @@ diff -up shadow-4.8/lib/prototypes.h.audit-update shadow-4.8/lib/prototypes.h
void audit_logger_message (const char *message, shadow_audit_result result);
#endif
diff -up shadow-4.8/src/chage.c.audit-update shadow-4.8/src/chage.c
--- shadow-4.8/src/chage.c.audit-update 2019-11-12 01:18:25.000000000 +0100
+++ shadow-4.8/src/chage.c 2020-01-13 10:15:51.806073311 +0100
diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c
--- shadow-4.8.1/src/chage.c.audit-update 2019-11-12 01:18:25.000000000 +0100
+++ shadow-4.8.1/src/chage.c 2020-03-17 16:53:44.371943299 +0100
@@ -123,9 +123,10 @@ static /*@noreturn@*/void fail_exit (int
#ifdef WITH_AUDIT
@ -296,9 +296,9 @@ diff -up shadow-4.8/src/chage.c.audit-update shadow-4.8/src/chage.c
user_name, (unsigned int) user_uid, 1);
}
#endif
diff -up shadow-4.8/src/gpasswd.c.audit-update shadow-4.8/src/gpasswd.c
--- shadow-4.8/src/gpasswd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/src/gpasswd.c 2020-01-13 10:15:51.803073362 +0100
diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c
--- shadow-4.8.1/src/gpasswd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/gpasswd.c 2020-03-17 16:53:44.371943299 +0100
@@ -138,7 +138,7 @@ static void usage (int status)
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
@ -562,9 +562,9 @@ diff -up shadow-4.8/src/gpasswd.c.audit-update shadow-4.8/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
}
diff -up shadow-4.8/src/groupadd.c.audit-update shadow-4.8/src/groupadd.c
--- shadow-4.8/src/groupadd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/src/groupadd.c 2020-01-13 10:15:51.804073345 +0100
diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c
--- shadow-4.8.1/src/groupadd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/groupadd.c 2020-03-17 16:53:44.372943312 +0100
@@ -131,6 +131,15 @@ static /*@noreturn@*/void usage (int sta
exit (status);
}
@ -740,9 +740,9 @@ diff -up shadow-4.8/src/groupadd.c.audit-update shadow-4.8/src/groupadd.c
}
}
diff -up shadow-4.8/src/groupdel.c.audit-update shadow-4.8/src/groupdel.c
--- shadow-4.8/src/groupdel.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/src/groupdel.c 2020-01-13 10:15:51.804073345 +0100
diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c
--- shadow-4.8.1/src/groupdel.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/groupdel.c 2020-03-17 16:53:44.372943312 +0100
@@ -106,6 +106,15 @@ static /*@noreturn@*/void usage (int sta
exit (status);
}
@ -912,9 +912,9 @@ diff -up shadow-4.8/src/groupdel.c.audit-update shadow-4.8/src/groupdel.c
}
#endif
diff -up shadow-4.8/src/groupmod.c.audit-update shadow-4.8/src/groupmod.c
--- shadow-4.8/src/groupmod.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/src/groupmod.c 2020-01-13 10:15:51.805073328 +0100
diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c
--- shadow-4.8.1/src/groupmod.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/groupmod.c 2020-03-17 16:53:44.372943312 +0100
@@ -450,7 +450,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
@ -1118,9 +1118,9 @@ diff -up shadow-4.8/src/groupmod.c.audit-update shadow-4.8/src/groupmod.c
// FIXME: add a system cleanup
add_cleanup (cleanup_report_mod_group, &info_group);
diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
--- shadow-4.8/src/newgrp.c.audit-update 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/src/newgrp.c 2020-01-13 10:15:51.806073311 +0100
diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c
--- shadow-4.8.1/src/newgrp.c.audit-update 2020-01-12 15:19:28.000000000 +0100
+++ shadow-4.8.1/src/newgrp.c 2020-03-17 16:53:44.372943312 +0100
@@ -206,11 +206,12 @@ static void check_perms (const struct gr
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
@ -1203,7 +1203,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
@@ -457,7 +458,7 @@ int main (int argc, char **argv)
@@ -458,7 +459,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL,
@ -1212,7 +1212,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
@@ -573,15 +574,26 @@ int main (int argc, char **argv)
@@ -574,15 +575,26 @@ int main (int argc, char **argv)
perror ("getgroups");
#ifdef WITH_AUDIT
if (group) {
@ -1243,7 +1243,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
@@ -738,10 +750,10 @@ int main (int argc, char **argv)
@@ -739,10 +751,10 @@ int main (int argc, char **argv)
perror ("setgid");
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@ -1256,7 +1256,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
#endif
exit (EXIT_FAILURE);
}
@@ -750,10 +762,10 @@ int main (int argc, char **argv)
@@ -751,10 +763,10 @@ int main (int argc, char **argv)
perror ("setuid");
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@ -1269,7 +1269,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
#endif
exit (EXIT_FAILURE);
}
@@ -767,10 +779,10 @@ int main (int argc, char **argv)
@@ -768,10 +780,10 @@ int main (int argc, char **argv)
execl (SHELL, "sh", "-c", command, (char *) 0);
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@ -1282,7 +1282,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -834,11 +846,11 @@ int main (int argc, char **argv)
@@ -835,11 +847,11 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
@ -1296,7 +1296,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
#endif
/*
* Exec the login shell and go away. We are trying to get back to
@@ -862,15 +874,24 @@ int main (int argc, char **argv)
@@ -863,15 +875,24 @@ int main (int argc, char **argv)
closelog ();
#ifdef WITH_AUDIT
if (NULL != group) {
@ -1325,9 +1325,9 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
--- shadow-4.8/src/useradd.c.audit-update 2020-01-13 10:15:51.789073597 +0100
+++ shadow-4.8/src/useradd.c 2020-01-13 10:17:30.929406913 +0100
diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c
--- shadow-4.8.1/src/useradd.c.audit-update 2020-03-17 16:53:44.365943219 +0100
+++ shadow-4.8.1/src/useradd.c 2020-03-17 17:03:11.614503929 +0100
@@ -233,6 +233,8 @@ static void create_mail (void);
*/
static void fail_exit (int code)
@ -1510,7 +1510,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
@@ -1445,7 +1393,7 @@ static void process_flags (int argc, cha
@@ -1452,7 +1400,7 @@ static void process_flags (int argc, cha
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1519,7 +1519,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1560,7 +1508,7 @@ static void close_files (void)
@@ -1567,7 +1515,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1528,7 +1528,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1573,7 +1521,7 @@ static void close_files (void)
@@ -1580,7 +1528,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1537,7 +1537,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1585,7 +1533,7 @@ static void close_files (void)
@@ -1592,7 +1540,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1546,7 +1546,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1599,7 +1547,7 @@ static void close_files (void)
@@ -1606,7 +1554,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1555,7 +1555,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1615,7 +1563,7 @@ static void close_files (void)
@@ -1622,7 +1570,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1564,7 +1564,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1629,7 +1577,7 @@ static void close_files (void)
@@ -1636,7 +1584,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@ -1573,7 +1573,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1821,7 +1769,7 @@ static void grp_add (void)
@@ -1828,7 +1776,7 @@ static void grp_add (void)
Prog, gr_dbname (), grp.gr_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
@ -1582,7 +1582,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1837,7 +1785,7 @@ static void grp_add (void)
@@ -1844,7 +1792,7 @@ static void grp_add (void)
Prog, sgr_dbname (), sgrp.sg_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
@ -1591,7 +1591,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
@@ -1847,7 +1795,7 @@ static void grp_add (void)
@@ -1854,7 +1802,7 @@ static void grp_add (void)
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
@ -1600,7 +1600,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -2015,12 +1963,6 @@ static void usr_update (void)
@@ -2025,12 +1973,6 @@ static void usr_update (void)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, spw_dbname (), spent.sp_namp);
@ -1613,7 +1613,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
@@ -2041,9 +1983,14 @@ static void usr_update (void)
@@ -2051,9 +1993,14 @@ static void usr_update (void)
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
@ -1630,7 +1630,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
SHADOW_AUDIT_SUCCESS);
#endif
/*
@@ -2130,12 +2077,6 @@ static void create_home (void)
@@ -2140,12 +2087,6 @@ static void create_home (void)
fprintf (stderr,
_("%s: cannot create directory %s\n"),
Prog, path);
@ -1643,8 +1643,8 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
fail_exit (E_HOMEDIR);
}
if (chown (path, 0, 0) < 0) {
@@ -2157,8 +2098,8 @@ static void create_home (void)
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
@@ -2168,8 +2109,8 @@ static void create_home (void)
chmod (prefix_user_home, mode);
home_added = true;
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
@ -1654,7 +1654,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -2343,12 +2284,6 @@ int main (int argc, char **argv)
@@ -2354,12 +2295,6 @@ int main (int argc, char **argv)
*/
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
@ -1667,7 +1667,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
fail_exit (E_NAME_IN_USE);
}
@@ -2364,12 +2299,6 @@ int main (int argc, char **argv)
@@ -2375,12 +2310,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
Prog, user_name);
@ -1680,7 +1680,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
fail_exit (E_NAME_IN_USE);
}
}
@@ -2399,12 +2328,6 @@ int main (int argc, char **argv)
@@ -2410,12 +2339,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: UID %lu is not unique\n"),
Prog, (unsigned long) user_id);
@ -1693,7 +1693,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
fail_exit (E_UID_IN_USE);
}
}
@@ -2478,9 +2401,10 @@ int main (int argc, char **argv)
@@ -2489,9 +2412,10 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
@ -1707,9 +1707,9 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
#endif /* WITH_AUDIT */
rv = E_SE_UPDATE;
}
diff -up shadow-4.8/src/userdel.c.audit-update shadow-4.8/src/userdel.c
--- shadow-4.8/src/userdel.c.audit-update 2020-01-13 10:15:51.797073462 +0100
+++ shadow-4.8/src/userdel.c 2020-01-13 10:15:51.809073261 +0100
diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c
--- shadow-4.8.1/src/userdel.c.audit-update 2020-03-17 16:53:44.368943259 +0100
+++ shadow-4.8.1/src/userdel.c 2020-03-17 16:53:44.373943325 +0100
@@ -222,9 +222,9 @@ static void update_groups (void)
* Update the DBM group file with the new entry as well.
*/
@ -2037,9 +2037,9 @@ diff -up shadow-4.8/src/userdel.c.audit-update shadow-4.8/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
diff -up shadow-4.8/src/usermod.c.audit-update shadow-4.8/src/usermod.c
--- shadow-4.8/src/usermod.c.audit-update 2020-01-13 10:15:51.800073412 +0100
+++ shadow-4.8/src/usermod.c 2020-01-13 10:15:51.812073210 +0100
diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c
--- shadow-4.8.1/src/usermod.c.audit-update 2020-03-17 16:53:44.370943285 +0100
+++ shadow-4.8.1/src/usermod.c 2020-03-17 16:53:44.373943325 +0100
@@ -457,8 +457,8 @@ static char *new_pw_passwd (char *pw_pas
#ifdef WITH_AUDIT

View File

@ -1,6 +1,6 @@
diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
--- shadow-4.8/man/chage.1.xml.manfix 2019-10-05 01:28:34.000000000 +0200
+++ shadow-4.8/man/chage.1.xml 2020-01-13 10:12:48.445155882 +0100
diff -up shadow-4.8.1/man/chage.1.xml.manfix shadow-4.8.1/man/chage.1.xml
--- shadow-4.8.1/man/chage.1.xml.manfix 2019-10-05 01:28:34.000000000 +0200
+++ shadow-4.8.1/man/chage.1.xml 2020-03-17 15:34:48.750414984 +0100
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
@ -44,9 +44,9 @@ diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
<para>The <command>chage</command> command is restricted to the root
user, except for the <option>-l</option> option, which may be used by
an unprivileged user to determine when their password or account is due
diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
--- shadow-4.8/man/groupadd.8.xml.manfix 2020-01-13 10:12:48.432156100 +0100
+++ shadow-4.8/man/groupadd.8.xml 2020-01-13 10:13:06.096859122 +0100
diff -up shadow-4.8.1/man/groupadd.8.xml.manfix shadow-4.8.1/man/groupadd.8.xml
--- shadow-4.8.1/man/groupadd.8.xml.manfix 2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/groupadd.8.xml 2020-03-17 15:34:48.750414984 +0100
@@ -320,13 +320,13 @@
<varlistentry>
<term><replaceable>4</replaceable></term>
@ -63,15 +63,15 @@ diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
</listitem>
</varlistentry>
<varlistentry>
diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
--- shadow-4.8/man/groupmems.8.xml.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/groupmems.8.xml 2020-01-13 10:12:48.445155882 +0100
diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
--- shadow-4.8.1/man/groupmems.8.xml.manfix 2020-03-17 15:34:48.750414984 +0100
+++ shadow-4.8.1/man/groupmems.8.xml 2020-03-17 15:41:13.383588722 +0100
@@ -179,20 +179,10 @@
<refsect1 id='setup'>
<title>SETUP</title>
<para>
- The <command>groupmems</command> executable should be in mode
- <literal>2770</literal> as user <emphasis>root</emphasis> and in group
- <literal>2710</literal> as user <emphasis>root</emphasis> and in group
- <emphasis>groups</emphasis>. The system administrator can add users to
- group <emphasis>groups</emphasis> to allow or disallow them using the
- <command>groupmems</command> utility to manage their own group
@ -83,16 +83,16 @@ diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
-
- <programlisting>
- $ groupadd -r groups
- $ chmod 2770 groupmems
- $ chmod 2710 groupmems
- $ chown root.groups groupmems
- $ groupmems -g groups -a gk4
- </programlisting>
</refsect1>
<refsect1 id='configuration'>
diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login.defs.5
--- shadow-4.8/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/ja/man5/login.defs.5 2020-01-13 10:12:48.445155882 +0100
diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/man/ja/man5/login.defs.5 2020-03-17 15:34:48.750414984 +0100
@@ -147,10 +147,6 @@ 以下の参照表は、
shadow パスワード機能のどのプログラムが
どのパラメータを使用するかを示したものである。
@ -104,10 +104,10 @@ diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login
.IP groupadd 12
GID_MAX GID_MIN
.IP newusers 12
diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
--- shadow-4.8/man/login.defs.5.xml.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/login.defs.5.xml 2020-01-13 10:14:10.491776547 +0100
@@ -163,6 +163,17 @@
diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
--- shadow-4.8.1/man/login.defs.5.xml.manfix 2020-01-17 16:47:56.000000000 +0100
+++ shadow-4.8.1/man/login.defs.5.xml 2020-03-17 15:34:48.750414984 +0100
@@ -164,6 +164,17 @@
long numeric parameters is machine-dependent.
</para>
@ -125,7 +125,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
@@ -254,16 +265,6 @@
@@ -256,16 +267,6 @@
</listitem>
</varlistentry>
<varlistentry>
@ -142,7 +142,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
<term>chgpasswd</term>
<listitem>
<para>
@@ -284,14 +285,6 @@
@@ -286,14 +287,6 @@
</para>
</listitem>
</varlistentry>
@ -157,7 +157,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
@@ -357,34 +350,6 @@
@@ -359,34 +352,6 @@
<para>LASTLOG_UID_MAX</para>
</listitem>
</varlistentry>
@ -192,7 +192,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
<!-- logoutd: no variables -->
<varlistentry>
<term>newgrp / sg</term>
@@ -412,17 +377,6 @@
@@ -415,17 +380,6 @@
</listitem>
</varlistentry>
<!-- nologin: no variables -->
@ -210,7 +210,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
<varlistentry>
<term>pwck</term>
<listitem>
@@ -449,32 +403,6 @@
@@ -452,32 +406,6 @@
</para>
</listitem>
</varlistentry>
@ -243,9 +243,9 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
<varlistentry>
<term>useradd</term>
<listitem>
diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
--- shadow-4.8/man/shadow.5.xml.manfix 2019-12-01 17:52:32.000000000 +0100
+++ shadow-4.8/man/shadow.5.xml 2020-01-13 10:12:48.446155865 +0100
diff -up shadow-4.8.1/man/shadow.5.xml.manfix shadow-4.8.1/man/shadow.5.xml
--- shadow-4.8.1/man/shadow.5.xml.manfix 2019-12-01 17:52:32.000000000 +0100
+++ shadow-4.8.1/man/shadow.5.xml 2020-03-17 15:34:48.750414984 +0100
@@ -129,7 +129,7 @@
<listitem>
<para>
@ -275,10 +275,10 @@ diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
</para>
<para>
Note that an account expiration differs from a password
diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
--- shadow-4.8/man/useradd.8.xml.manfix 2020-01-13 10:12:48.432156100 +0100
+++ shadow-4.8/man/useradd.8.xml 2020-01-13 10:12:48.446155865 +0100
@@ -358,6 +358,11 @@
diff -up shadow-4.8.1/man/useradd.8.xml.manfix shadow-4.8.1/man/useradd.8.xml
--- shadow-4.8.1/man/useradd.8.xml.manfix 2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/useradd.8.xml 2020-03-17 15:34:48.751414997 +0100
@@ -359,6 +359,11 @@
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
@ -290,10 +290,10 @@ diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
</listitem>
</varlistentry>
<varlistentry>
diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
--- shadow-4.8/man/usermod.8.xml.manfix 2019-10-05 03:23:58.000000000 +0200
+++ shadow-4.8/man/usermod.8.xml 2020-01-13 10:12:48.446155865 +0100
@@ -153,7 +153,8 @@
diff -up shadow-4.8.1/man/usermod.8.xml.manfix shadow-4.8.1/man/usermod.8.xml
--- shadow-4.8.1/man/usermod.8.xml.manfix 2019-12-20 06:58:23.000000000 +0100
+++ shadow-4.8.1/man/usermod.8.xml 2020-03-17 15:34:48.751414997 +0100
@@ -143,7 +143,8 @@
If the <option>-m</option>
option is given, the contents of the current home directory will
be moved to the new home directory, which is created if it does
@ -303,7 +303,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
</para>
</listitem>
</varlistentry>
@@ -215,6 +216,12 @@
@@ -205,6 +206,12 @@
The group ownership of files outside of the user's home directory
must be fixed manually.
</para>
@ -316,7 +316,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
</listitem>
</varlistentry>
<varlistentry>
@@ -277,7 +284,8 @@
@@ -267,7 +274,8 @@
<listitem>
<para>
Move the content of the user's home directory to the new
@ -326,7 +326,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
</para>
<para>
This option is only valid in combination with the
@@ -391,6 +399,12 @@
@@ -381,6 +389,12 @@
must be fixed manually.
</para>
<para>

View File

@ -0,0 +1,43 @@
<!--
Copyright (c) 1991 - 1993, Julianne Frances Haugh
Copyright (c) 1991 - 1993, Chip Rosenthal
Copyright (c) 2007 - 2009, Nicolas François
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the copyright holders or contributors may not be used to
endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<varlistentry>
<term><option>HOME_MODE</option> (number)</term>
<listitem>
<para>
The mode for new home directories. If not specified,
the <option>UMASK</option> is used to create the mode.
</para>
<para>
<command>useradd</command> and <command>newusers</command> use this
to set the mode of the home directory they create.
</para>
</listitem>
</varlistentry>

View File

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.8
Release: 5%{?dist}
Version: 4.8.1
Release: 1%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@ -10,6 +10,7 @@ Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Source6: shadow-utils.HOME_MODE.xml
# Misc small changes - most probably non-upstreamable
Patch0: shadow-4.6-redhat.patch
# Be more lenient with acceptable user/group names - non upstreamable
@ -23,7 +24,7 @@ Patch11: shadow-4.1.5.1-logmsg.patch
# SElinux related - upstreamability unknown
Patch14: shadow-4.1.5.1-default-range.patch
# Misc manual page changes - only some of them could be upstreamed
Patch15: shadow-4.8-manfix.patch
Patch15: shadow-4.8.1-manfix.patch
# Userdel usage message change - could be upstreamed
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
# Date parsing improvement - could be upstreamed
@ -31,7 +32,7 @@ Patch19: shadow-4.2.1-date-parsing.patch
# Additional error message - could be upstreamed
Patch21: shadow-4.6-move-home.patch
# Audit message changes - upstreamability unknown
Patch22: shadow-4.8-audit-update.patch
Patch22: shadow-4.8.1-audit-update.patch
# Changes related to password unlocking - could be upstreamed
Patch23: shadow-4.5-usermod-unlock.patch
# Additional SElinux related changes - upstreamability unknown
@ -48,8 +49,6 @@ Patch33: shadow-4.8-long-entry.patch
Patch38: shadow-4.6-sysugid-min-limit.patch
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
Patch40: shadow-4.8-ignore-login-prompt.patch
# Make the missing shell check into warning - could be upstreamed
Patch41: shadow-4.8-invalid-shell-check.patch
# Generate /var/spool/mail/$USER with the proper SELinux user identity - already upstreamed
Patch42: shadow-4.8-useradd-selinux-mail.patch
@ -99,13 +98,13 @@ are used for managing group accounts.
%patch33 -p1 -b .long-entry
%patch38 -p1 -b .sysugid-min-limit
%patch40 -p1 -b .login-prompt
%patch41 -p1 -b .invalid-shell
%patch42 -p1 -b .useradd-selinux-mail
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
cp -a %{SOURCE4} %{SOURCE5} .
cp -a %{SOURCE6} man/login.defs.d/HOME_MODE.xml
# Force regeneration of getdate.c
rm libmisc/getdate.c
@ -255,7 +254,10 @@ done
%{_mandir}/man8/vigr.8*
%changelog
* Mon Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-5
* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-1
- updated upstream to 4.8.1
* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-5
- synchronized login.defs with upstream file (#1261099 and #1807957)
* Mon Feb 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-4

View File

@ -1,2 +1,2 @@
SHA512 (shadow-4.8.tar.xz) = 1c607aec541400fc179d6cbbac7511289c618ab2ce6ee9d7c18a8bfda00421c62d4b9e58aff52b5f82d485468e7db955c186ea0faad9a08003ffc01bdf2ccece
SHA512 (shadow-4.8.tar.xz.asc) = 200f7793e55447cc5c0d11988ee26511167c5fe23e1f6622b6b0c8cb74498052f2df855f02e351fee0da16562f6a6510ad3954b4c5e13dd9a8da0d998f8dc5e6
SHA512 (shadow-4.8.1.tar.xz) = 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b
SHA512 (shadow-4.8.1.tar.xz.asc) = ec7686263c81d3feb8ee4314c3323a9a3ada74aafaaf99f4f0d9af9b1341f8c5ff5477ecf98dd94dbb7d921f532d655b0b6a87d94c71893f35dc9bc54c84dd42