Upstream patch: su should not sanitize_env(), bug #301957.

Package-Manager: portage-2.1.7.16/cvs/Linux x86_64
author: Peter Volkov <pva@gentoo.org> 2010-01-27 10:32:31 +0000
committer: Peter Volkov <pva@gentoo.org> 2010-01-27 10:32:31 +0000
commit: ab131a7dd3aa7767b7a144cb8ae05a68eb843de2 (patch)
tree: 5442b2274cd5a5fdd962772b679b2dad0de63a65 /sys-apps/shadow
parent: Version bump. (diff)
download: historical-ab131a7dd3aa7767b7a144cb8ae05a68eb843de2.tar.gz
historical-ab131a7dd3aa7767b7a144cb8ae05a68eb843de2.tar.bz2
historical-ab131a7dd3aa7767b7a144cb8ae05a68eb843de2.zip
4 files changed, 214 insertions, 12 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index bcb3d70b4a87..9ace9b06c4e2 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-apps/shadow
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.230 2010/01/15 02:58:27 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.231 2010/01/27 10:32:31 pva Exp $
+
+*shadow-4.1.4.2-r3 (27 Jan 2010)
+
+  27 Jan 2010; Peter Volkov <pva@gentoo.org> +shadow-4.1.4.2-r3.ebuild,
+  +files/shadow-4.1.4.2-su_no_sanitize_env.patch:
+  Upstream patch: su should not sanitize_env(), bug #301957.
 
 *shadow-4.1.4.2-r2 (15 Jan 2010)
 
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 2012eff60cff..722840d65a12 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 AUX 4.1.2.2/shadow-svn-2298.patch 1702 RMD160 0c9acfa0a9664e58012dfc86aea2b328aedcfc24 SHA1 aae2e1aa5b40269258f7bef890e93685bd7ff6b4 SHA256 a19dfd9a3f884930f7a1458e9e9767853d09949a9c04274762097ceddfd8129b
 AUX 4.1.2.2/shadow-svn-2364.patch 1944 RMD160 b70c637777ce46115fff0ce1796feff0b5d32e24 SHA1 861172fb52ccafe0e7c35cb740dbfae472a5b59d SHA256 32f1da89c135aaa03062e973b3f2281f560c1cc35663af739ae2b4c2dafc6277
 AUX default/useradd 96 RMD160 55c38953c800c6aae1ebe4312028560f77e7414f SHA1 348916abd4f794ee99310e1c006fbf00296ea2d7 SHA256 31aa2cbe4a34a9f7d4d134c1fecd007c9bbf4d40e19d0dcddbcd396f1853b490
@@ -40,6 +37,7 @@ AUX shadow-4.1.2.2-optional-utimes.patch 1397 RMD160 ffeceac79a9474fcd4c9064ebac
 AUX shadow-4.1.3-dots-in-usernames.patch 302 RMD160 dcd0fdb1646a16cae1f3da0858257a22addefd17 SHA1 997e007090618713f9f0295ab540a6f2c9489885 SHA256 2299ffaec204d20e00d791bf5b982571c9261a74c7a7b865a9f7cad1cdcb43ba
 AUX shadow-4.1.4.2-env-reset-keep-locale.patch 436 RMD160 0acad89469885cc88937e23f20a84231af3840fa SHA1 8410b1b291f9c72efa03003f6afdd3e1fdeebe88 SHA256 5dd113c5cc0ea77dc8d8903b8c327b3b5e2cc9a529306ca85651631f06652e8f
 AUX shadow-4.1.4.2-groupmod-pam-check.patch 689 RMD160 daa22dfce4b35d02951958fafdbac3816794bd63 SHA1 5823f38c0085b27e7e4327ab17ecc13563a43650 SHA256 ad60c0c26b70007750da034223eca38f1a98512fc80ce2fe40440e31a7585c52
+AUX shadow-4.1.4.2-su_no_sanitize_env.patch 315 RMD160 114abfb9ccc429342a83b8e919929c3818019718 SHA1 28ca6c0624c0fe5e4582ccca54e957ede125e96d SHA256 675098bb3dca4d8ac78e6c1c4ae7f513cb4017583b34b6b4d67611578bff8723
 DIST shadow-4.1.2.2.tar.bz2 1697615 RMD160 19b8d3bc37d26d708ecad6a86e6a1f2dcc3c51d3 SHA1 6cbd29104c219ff6776eececb8068f7326d57a45 SHA256 378fbfb0e8bb8c87be239fccd692818871f763206bb7d881744f4fa72dc6b491
 DIST shadow-4.1.4.2.tar.bz2 1790400 RMD160 8483dc5aefc52708199e09a7b2d6831f0a8e357b SHA1 43e29471057c671de51360b10e3ee2b419c78ffa SHA256 97987f6a7967a85e6aa0dba2a1d52db8bd69af5a717391de5693db768fb78990
 DIST shadow_4.0.18.2.orig.tar.gz 2501791 RMD160 f13d5c06bc88eea8d851a8c396110b2e96d1bb39 SHA1 c3426cddc8605ddb7ff55fdc231dc191ecc46989 SHA256 0b3cbfb32200cacd8544734d227d0a576642baf573f972f046bbbae457145cae
@@ -47,12 +45,6 @@ EBUILD shadow-4.0.18.2.ebuild 5172 RMD160 52a11801829a25b8c856d0841e0f398dc103ec
 EBUILD shadow-4.1.2.2.ebuild 4754 RMD160 8c5c5bbb82ef37b66dc9da78b4a735dba6660fb4 SHA1 935f5d49f4d6cb928275c9fe32e0cd86ea87b62c SHA256 78898eb623d2a5da8697408528b57b45304a8981b17865eb1f4bc99ec74831c6
 EBUILD shadow-4.1.4.2-r1.ebuild 5182 RMD160 64c9e2a1454bf1f0d0025aab846b63cced8770e3 SHA1 8b41b0b6d2ab533e91b61e12291b6ed181719cee SHA256 99d8792d19a852282175dd79efa92c45a43e2aa55626ce5d1d58b79b23ebfd8e
 EBUILD shadow-4.1.4.2-r2.ebuild 5143 RMD160 27f95be47f54b4bfe53fc5bc6d1640dd8913c16b SHA1 980a9ba0106a713ad10b86ff350d1253177926f3 SHA256 4a447c3e84acda9b862616566ba6fab9d4f7cb64fbf95284c95ea022d20a3b82
-MISC ChangeLog 39878 RMD160 c1019df8c1ba8dd5d7de06cbf06eb04bdd69d17f SHA1 7067f095be642331cb671921b0e383237829b473 SHA256 eb5643fd202fb66d02e7c87ece3fbdea65f5f616653a345f5b9402dcfdc25f17
+EBUILD shadow-4.1.4.2-r3.ebuild 5209 RMD160 8e1914760188e7d43df4cb285f6e07b47b91785a SHA1 ac93efed8cd2591a1f5503e4528ade56948e08cc SHA256 a19f75a251f34ad6918210c81994e9610c82057915285dcb6fb20529e0e2c282
+MISC ChangeLog 40093 RMD160 e28e92c7f7181dac3f2f4b5114bd110e73396069 SHA1 48c3299f6f394abe89352ef4c8ebd3108af0b826 SHA256 a3a9ae90b2930b7bbce64895622819ff81b3db56685bdfee8a2e64fb2c9cc12e
 MISC metadata.xml 412 RMD160 8cb1c2ffd3365f4334c78591e9349d394771dfed SHA1 e32195b6f24c7feae2ddfa3c9410a109c1e357f2 SHA256 41b211af54ade1542ce67559eeeb233c9fde4c97e66ef3602ae0f2dc228d7504
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iF4EAREIAAYFAktP2fMACgkQTwhj9JtAlp645wD+I2B1n0aakWWqbdC/sEIlGZk1
-a4wEEE3dR7IZmAtzx04A/0/X5JJQeCsZSpl1YyxqlIBlgFb+W5NbeUCcfvSm4ATt
-=89pI
------END PGP SIGNATURE-----
diff --git a/sys-apps/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/sys-apps/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
new file mode 100644
index 000000000000..0cf74f897565
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
@@ -0,0 +1,14 @@
+http://bugs.gentoo.org/show_bug.cgi?id=301957
+https://alioth.debian.org/scm/browser.php?group_id=30580
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -342,7 +342,7 @@
+ #endif
+ #endif				/* !USE_PAM */
+ 
+-	sanitize_env ();
++	/* sanitize_env (); */
+ 
+ 	(void) setlocale (LC_ALL, "");
+ 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff --git a/sys-apps/shadow/shadow-4.1.4.2-r3.ebuild b/sys-apps/shadow/shadow-4.1.4.2-r3.ebuild
new file mode 100644
index 000000000000..29fe5bd41172
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.1.4.2-r3.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.1.4.2-r3.ebuild,v 1.1 2010/01/27 10:32:31 pva Exp $
+
+inherit eutils libtool toolchain-funcs pam multilib
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="http://shadow.pld.org.pl/ http://pkg-shadow.alioth.debian.org/"
+SRC_URI="ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="audit cracklib nls pam selinux skey"
+
+RDEPEND="audit? ( sys-process/audit )
+	cracklib? ( >=sys-libs/cracklib-2.7-r3 )
+	pam? ( virtual/pam )
+	!sys-apps/pam-login
+	!app-admin/nologin
+	skey? ( sys-auth/skey )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	nls? ( virtual/libintl )"
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20080219.1 )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${PN}-4.1.4.2-env-reset-keep-locale.patch #283725
+	epatch "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch #22920
+	epatch "${FILESDIR}"/${PN}-4.1.4.2-groupmod-pam-check.patch #300790
+	epatch "${FILESDIR}"/${PN}-4.1.4.2-su_no_sanitize_env.patch #301957
+	elibtoolize
+	epunt_cxx
+}
+
+src_compile() {
+	tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
+	econf \
+		--without-group-name-max-length \
+		--enable-shared=no \
+		--enable-static=yes \
+		$(use_with audit) \
+		$(use_with cracklib libcrack) \
+		$(use_with pam libpam) \
+		$(use_with skey) \
+		$(use_with selinux) \
+		$(use_enable nls) \
+		$(use_with elibc_glibc nscd)
+	emake || die "compile problem"
+}
+
+set_login_opt() {
+	local comment="" opt=$1 val=$2
+	[[ -z ${val} ]] && comment="#"
+	sed -i -r \
+		-e "/^#?${opt}/s:.*:${comment}${opt} ${val}:" \
+		"${D}"/etc/login.defs
+	local res=$(grep "^${comment}${opt}" "${D}"/etc/login.defs)
+	einfo ${res:-Unable to find ${opt} in /etc/login.defs}
+}
+
+src_install() {
+	emake DESTDIR="${D}" suidperms=4711 install || die "install problem"
+
+	# Remove libshadow and libmisc; see bug 37725 and the following
+	# comment from shadow's README.linux:
+	#   Currently, libshadow.a is for internal use only, so if you see
+	#   -lshadow in a Makefile of some other package, it is safe to
+	#   remove it.
+	rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+	insinto /etc
+	# Using a securetty with devfs device names added
+	# (compat names kept for non-devfs compatibility)
+	insopts -m0600 ; doins "${FILESDIR}"/securetty
+	if ! use pam ; then
+		insopts -m0600
+		doins etc/login.access etc/limits
+	fi
+	# Output arch-specific cruft
+	local devs
+	case $(tc-arch) in
+		ppc*)  devs="hvc0 hvsi0 ttyPSC0";;
+		hppa)  devs="ttyB0";;
+		arm)   devs="ttyFB0";;
+		sh)    devs="ttySC0 ttySC1";;
+	esac
+	[[ -n ${devs} ]] && printf '%s\n' ${devs} >> "${D}"/etc/securetty
+
+	# needed for 'useradd -D'
+	insinto /etc/default
+	insopts -m0600
+	doins "${FILESDIR}"/default/useradd
+
+	# move passwd to / to help recover broke systems #64441
+	mv "${D}"/usr/bin/passwd "${D}"/bin/
+	dosym /bin/passwd /usr/bin/passwd
+
+	cd "${S}"
+	insinto /etc
+	insopts -m0644
+	newins etc/login.defs login.defs
+
+	if ! use pam ; then
+		set_login_opt MAIL_CHECK_ENAB no
+		set_login_opt SU_WHEEL_ONLY yes
+		set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+		set_login_opt LOGIN_RETRIES 3
+		set_login_opt ENCRYPT_METHOD SHA512
+	else
+		dopamd "${FILESDIR}/pam.d-include/"{su,passwd,shadow}
+
+		newpamd "${FILESDIR}/login.pamd.2" login
+
+		for x in chage chsh chfn chpasswd newusers \
+				 user{add,del,mod} group{add,del,mod} ; do
+			newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+		done
+
+		# comment out login.defs options that pam hates
+		local opt
+		for opt in \
+			CHFN_AUTH \
+			CRACKLIB_DICTPATH \
+			ENV_HZ \
+			ENVIRON_FILE \
+			FAILLOG_ENAB \
+			FTMP_FILE \
+			LASTLOG_ENAB \
+			MAIL_CHECK_ENAB \
+			MOTD_FILE \
+			NOLOGINS_FILE \
+			OBSCURE_CHECKS_ENAB \
+			PASS_ALWAYS_WARN \
+			PASS_CHANGE_TRIES \
+			PASS_MIN_LEN \
+			PORTTIME_CHECKS_ENAB \
+			QUOTAS_ENAB \
+			SU_WHEEL_ONLY
+		do
+			set_login_opt ${opt}
+		done
+
+		sed -i -f "${FILESDIR}"/login_defs_pam.sed \
+			"${D}"/etc/login.defs
+
+		# remove manpages that pam will install for us
+		# and/or don't apply when using pam
+		find "${D}"/usr/share/man \
+			'(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+			-exec rm {} +
+	fi
+
+	# Remove manpages that are handled by other packages
+	find "${D}"/usr/share/man \
+		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+		-exec rm {} +
+
+	cd "${S}"
+	dodoc ChangeLog NEWS TODO
+	newdoc README README.download
+	cd doc
+	dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+	rm -f "${ROOT}"/etc/pam.d/system-auth.new \
+		"${ROOT}/etc/login.defs.new"
+
+	use pam && pam_epam_expand "${D}"/etc/pam.d/login
+}
+
+pkg_postinst() {
+	# Enable shadow groups (we need ROOT=/ here, as grpconv only
+	# operate on / ...).
+	if [[ ${ROOT} == / && ! -f /etc/gshadow ]] ; then
+		if grpck -r 2>/dev/null ; then
+			grpconv
+		else
+			ewarn "Running 'grpck' returned errors.  Please run it by hand, and then"
+			ewarn "run 'grpconv' afterwards!"
+		fi
+	fi
+
+	einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
author	Peter Volkov <pva@gentoo.org>	2010-01-27 10:32:31 +0000
committer	Peter Volkov <pva@gentoo.org>	2010-01-27 10:32:31 +0000
commit	ab131a7dd3aa7767b7a144cb8ae05a68eb843de2 (patch)
tree	5442b2274cd5a5fdd962772b679b2dad0de63a65 /sys-apps/shadow
parent	Version bump. (diff)
download	historical-ab131a7dd3aa7767b7a144cb8ae05a68eb843de2.tar.gz historical-ab131a7dd3aa7767b7a144cb8ae05a68eb843de2.tar.bz2 historical-ab131a7dd3aa7767b7a144cb8ae05a68eb843de2.zip