Fix useradd behavior when using -g #128715 by Max Lorenz and fix segfault in userdel with -r and /dev/null #139148 by David Roussel.

Package-Manager: portage-2.1.1_pre2-r2

6 files changed, 435 insertions, 13 deletions

diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index e5aad9dd31f0..a1479a63f845 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-apps/shadow
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.151 2006/06/10 16:54:22 uberlord Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.152 2006/07/04 19:55:18 vapier Exp $
+
+*shadow-4.0.16-r1 (04 Jul 2006)
+
+  04 Jul 2006; Mike Frysinger <vapier@gentoo.org>
+  +files/shadow-4.0.16-check-opendir.patch,
+  +files/shadow-4.0.16-fix-useradd-usergroups.patch,
+  +shadow-4.0.16-r1.ebuild:
+  Fix useradd behavior when using -g #128715 by Max Lorenz and fix segfault in
+  userdel with -r and /dev/null #139148 by David Roussel.
 
   10 Jun 2006; <roy@gentoo.org> shadow-4.0.14-r1.ebuild,
   shadow-4.0.15-r2.ebuild, shadow-4.0.16.ebuild:
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index e162cee07df2..62f75c3ed662 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -177,6 +177,14 @@ AUX shadow-4.0.15-uclibc-missing-l64a.patch 1354 RMD160 6d35c4ddad876edacdd41be0
 MD5 f79f1051bedb185f81f24fb9d30dcc35 files/shadow-4.0.15-uclibc-missing-l64a.patch 1354
 RMD160 6d35c4ddad876edacdd41be056fa8abd567ae802 files/shadow-4.0.15-uclibc-missing-l64a.patch 1354
 SHA256 37ac2cdea64f849e0cf9e92ccefeab05b0466541268fb4844f18a94c377c8514 files/shadow-4.0.15-uclibc-missing-l64a.patch 1354
+AUX shadow-4.0.16-check-opendir.patch 534 RMD160 d90923cb1ee74ac653e818ac5e480866e2f974d9 SHA1 19a02a4c610bb235db4df2c5adb7fdd170f87359 SHA256 5d22bb16183a44e13482b5a72d8ea971b6df227aeb9d95020e48bc89aa004b3d
+MD5 19045e99ca34233f1e790857d6aea4d8 files/shadow-4.0.16-check-opendir.patch 534
+RMD160 d90923cb1ee74ac653e818ac5e480866e2f974d9 files/shadow-4.0.16-check-opendir.patch 534
+SHA256 5d22bb16183a44e13482b5a72d8ea971b6df227aeb9d95020e48bc89aa004b3d files/shadow-4.0.16-check-opendir.patch 534
+AUX shadow-4.0.16-fix-useradd-usergroups.patch 3319 RMD160 22c4f916fe1f9da00b0d587b9976491426142f98 SHA1 b08cb5129717c040479f287e0c7851da27b77483 SHA256 b9428435b51341f23be148fa6921408b595dd965a02d1ba731d1ff5b9caba786
+MD5 1815781072561fc469f3eb8bded50009 files/shadow-4.0.16-fix-useradd-usergroups.patch 3319
+RMD160 22c4f916fe1f9da00b0d587b9976491426142f98 files/shadow-4.0.16-fix-useradd-usergroups.patch 3319
+SHA256 b9428435b51341f23be148fa6921408b595dd965a02d1ba731d1ff5b9caba786 files/shadow-4.0.16-fix-useradd-usergroups.patch 3319
 AUX shadow-4.0.4.1-nonis.patch 1504 RMD160 f8e5fc3fb33c2d57206d813e88abe6a7d6198ed7 SHA1 2f05f7dcd62248c974b58909c8951a7eeb64f7a4 SHA256 3e126ef9e1e9b7d95297e2e1dd450557438f9a7f13a120fae8863e3d80534e08
 MD5 020e030c2d09b206e88cf9051ced6244 files/shadow-4.0.4.1-nonis.patch 1504
 RMD160 f8e5fc3fb33c2d57206d813e88abe6a7d6198ed7 files/shadow-4.0.4.1-nonis.patch 1504
@@ -229,13 +237,13 @@ AUX shadow-4.0.7-perms.patch 1768 RMD160 d0dcb046314fd9db40406617c77e93d4b18c3bb
 MD5 13cddd2e24cbcaf5164e13f9105c222c files/shadow-4.0.7-perms.patch 1768
 RMD160 d0dcb046314fd9db40406617c77e93d4b18c3bb2 files/shadow-4.0.7-perms.patch 1768
 SHA256 3cebd9b132cf64b9b33378e294538aa5d563e0cedceb8a14e7274df5547d322d files/shadow-4.0.7-perms.patch 1768
-DIST shadow-4.0.11.1.tar.bz2 1056103 RMD160 16453f7205c05a11a03cec79217ada57ae9c7f16 SHA256 f092452a1ee39cc15a205dc1bfdde596da78f96160c36e03c685723a634a3e3b
-DIST shadow-4.0.12.tar.bz2 1082217 RMD160 f0a532ee3d71c368313cbe9ab49f22986cde102c SHA256 abeeefd2cb3bfea62f8bdab29451f4585e7c4bb3b252b57e7e3a72ba9b0573cf
-DIST shadow-4.0.13.tar.bz2 1087998 RMD160 02124e789e13e877727eb9072ad43900d4e50f56 SHA256 ef31bc7511214cb84f0d8c1821f841269d75d40ca8d48b1913b3b529f954b962
+DIST shadow-4.0.11.1.tar.bz2 1056103 RMD160 16453f7205c05a11a03cec79217ada57ae9c7f16 SHA1 cf2d12493c2125cbbc122f5afb0ef8d98c6e7763 SHA256 f092452a1ee39cc15a205dc1bfdde596da78f96160c36e03c685723a634a3e3b
+DIST shadow-4.0.12.tar.bz2 1082217 RMD160 f0a532ee3d71c368313cbe9ab49f22986cde102c SHA1 cf54e6803d35a55ab8ed2df649f07c82d3a75b2c SHA256 abeeefd2cb3bfea62f8bdab29451f4585e7c4bb3b252b57e7e3a72ba9b0573cf
+DIST shadow-4.0.13.tar.bz2 1087998 RMD160 02124e789e13e877727eb9072ad43900d4e50f56 SHA1 0f605460c7826d7974089faf793ee2a973c9a176 SHA256 ef31bc7511214cb84f0d8c1821f841269d75d40ca8d48b1913b3b529f954b962
 DIST shadow-4.0.14.tar.bz2 1246902 RMD160 555bb154ba73b9e322ddd17517a77470cdfb7902 SHA1 7d8c504ae03421f9a75cfef3b97b9713782a6e91 SHA256 e9beb4edf8689f94c32e9a8f53d1c6c542ef1a5678e8037d4c452c53dfbeb0ae
 DIST shadow-4.0.15.tar.bz2 1294860 RMD160 b7b9ee9469561205037a1eacaa8791f069ba124c SHA1 0f7cd3366a032091fdffd2f8edf65056bd576cae SHA256 e486bdb083df453c2d15ac58887ef45a3006182c0cdb1c6092058ea588be538d
 DIST shadow-4.0.16.tar.bz2 1438030 RMD160 9ac436d89913441b448da90ece25b77e818f3bd4 SHA1 c8e739d935cb46d9cbc0654f373c2bff18110a55 SHA256 2cbd0af0b4682d91282d2d0ad3110e6dfcad4e365d25a3b6beaf7048dd477bdd
-DIST shadow-4.0.7.tar.bz2 1019749 RMD160 f8551c8267c8da60366f24db7370ec03273f38bc SHA256 4bf9a7289d1e72b03d53e94c9f5de13cdc9573809270dab27b203fa471518f1b
+DIST shadow-4.0.7.tar.bz2 1019749 RMD160 f8551c8267c8da60366f24db7370ec03273f38bc SHA1 5af35730c7fdff8d23021e05f0b7823abb658949 SHA256 4bf9a7289d1e72b03d53e94c9f5de13cdc9573809270dab27b203fa471518f1b
 EBUILD shadow-4.0.11.1-r1.ebuild 7065 RMD160 553033afb14b9b0808293d365df989dfcacff36b SHA1 6f13960c2c9a33bf26f3ff435e347348a20b04b7 SHA256 0dc36d228ded134469b9042d87b71fd6f72678b2201e367fd8419f415c950451
 MD5 ad6ed0863f5c1ead00f5cdfc2d399cab shadow-4.0.11.1-r1.ebuild 7065
 RMD160 553033afb14b9b0808293d365df989dfcacff36b shadow-4.0.11.1-r1.ebuild 7065
@@ -276,6 +284,10 @@ EBUILD shadow-4.0.15.ebuild 7381 RMD160 1c7e6e9121f50c3c95574bb80276e40fde1e8f77
 MD5 7c680b08d906f9d4c044fdd536a6cbf5 shadow-4.0.15.ebuild 7381
 RMD160 1c7e6e9121f50c3c95574bb80276e40fde1e8f77 shadow-4.0.15.ebuild 7381
 SHA256 6312212d7e5547d940ae2254966e2808bc861ae6263291d58e0a7fe882a1d729 shadow-4.0.15.ebuild 7381
+EBUILD shadow-4.0.16-r1.ebuild 7998 RMD160 ea2a8974019e31908545a3e0299aba04c4074a07 SHA1 49ea42937552a7f095db437997a5e746fcdde929 SHA256 7a158276d2e93fb80608352684c9422a3a7fb4a44ebdf4be0dd177567760a3db
+MD5 6e517366770a6377d3b70debfae0ccfa shadow-4.0.16-r1.ebuild 7998
+RMD160 ea2a8974019e31908545a3e0299aba04c4074a07 shadow-4.0.16-r1.ebuild 7998
+SHA256 7a158276d2e93fb80608352684c9422a3a7fb4a44ebdf4be0dd177567760a3db shadow-4.0.16-r1.ebuild 7998
 EBUILD shadow-4.0.16.ebuild 7859 RMD160 c6d9daa8fe627b319a58feeb8b368a82bc625c21 SHA1 e84b5c75347cdba0dc677a8fde19be6ac02e9e3d SHA256 18d7a98721c9b87c013484f745761b71531d0c4b7af2831aa9fc66ec339d9a94
 MD5 1b67a09df50732f5cc89f25cad61e29b shadow-4.0.16.ebuild 7859
 RMD160 c6d9daa8fe627b319a58feeb8b368a82bc625c21 shadow-4.0.16.ebuild 7859
@@ -284,10 +296,10 @@ EBUILD shadow-4.0.7-r4.ebuild 7163 RMD160 0622f67c225f3cb59116708993ac7d269fd4b8
 MD5 550a7571df41e2be2d4808f6a2ba51a7 shadow-4.0.7-r4.ebuild 7163
 RMD160 0622f67c225f3cb59116708993ac7d269fd4b868 shadow-4.0.7-r4.ebuild 7163
 SHA256 e6b7becb236cbba5362ebc9475b6974893c3c90164384ba572be273966e1ba48 shadow-4.0.7-r4.ebuild 7163
-MISC ChangeLog 27520 RMD160 e885348cd21dcae53d4a3fc084e58d4f4aa0a096 SHA1 f27390c2e01078e843cf11b771fb388359614f81 SHA256 1a940e5ca1a5482c7dc3dac3d0e097d76f5ec6e10e0e9c17e0b91c3a58be5456
-MD5 03a7897db241cd1c33b92a574be7eca9 ChangeLog 27520
-RMD160 e885348cd21dcae53d4a3fc084e58d4f4aa0a096 ChangeLog 27520
-SHA256 1a940e5ca1a5482c7dc3dac3d0e097d76f5ec6e10e0e9c17e0b91c3a58be5456 ChangeLog 27520
+MISC ChangeLog 27864 RMD160 22f40eb7195b65e5486b7b4f5956e804e122b23b SHA1 83334331b4fd894771124b469d976007a95866aa SHA256 43a1cd965637aaa6e5341fc81e5e6ab695e1acb4f9da773f037bb44ddcf6a6e7
+MD5 b90e0f1490372c4e3c1a815db948d1ba ChangeLog 27864
+RMD160 22f40eb7195b65e5486b7b4f5956e804e122b23b ChangeLog 27864
+SHA256 43a1cd965637aaa6e5341fc81e5e6ab695e1acb4f9da773f037bb44ddcf6a6e7 ChangeLog 27864
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 metadata.xml 164
@@ -325,13 +337,16 @@ SHA256 10c8764de8a7feb230419e232290d7f8c35a28ad69e7174b509fcd358aeed237 files/di
 MD5 dc4586eb93a7af1f6ffa24a8a0385574 files/digest-shadow-4.0.16 247
 RMD160 2fa0ba2c0ca819c44877181ee35df012d16caa0e files/digest-shadow-4.0.16 247
 SHA256 f4adf1db93b22fcaf350fa669ba59de6c502ca80104d3fdcf18bf8ff3d7845e9 files/digest-shadow-4.0.16 247
+MD5 dc4586eb93a7af1f6ffa24a8a0385574 files/digest-shadow-4.0.16-r1 247
+RMD160 2fa0ba2c0ca819c44877181ee35df012d16caa0e files/digest-shadow-4.0.16-r1 247
+SHA256 f4adf1db93b22fcaf350fa669ba59de6c502ca80104d3fdcf18bf8ff3d7845e9 files/digest-shadow-4.0.16-r1 247
 MD5 9130da1995073352cee951d0a18ad227 files/digest-shadow-4.0.7-r4 244
 RMD160 6c749ed8204533cd854c78251f158c2bd1d3a555 files/digest-shadow-4.0.7-r4 244
 SHA256 6945583c30661308f30bd36bf7e5e64c0b923a06914def8622b702b447daf849 files/digest-shadow-4.0.7-r4 244
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.3 (GNU/Linux)
+Version: GnuPG v1.4.4 (GNU/Linux)
 
-iD8DBQFEndHzamhnQswr0vIRAiCWAJwKgMlnNcqzkn4wOZmZvCKw0my00gCfWswL
-AVNfpQ41nNCwg9yiaLM3lik=
-=xqwW
+iD8DBQFEqse1amhnQswr0vIRAq3mAKCd6e71a7hS4FKJgL9zgAaDih1P2gCfR7y6
+xPbpjjE5HsTWEvISg8B022Y=
+=+zRn
 -----END PGP SIGNATURE-----
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.16-r1 b/sys-apps/shadow/files/digest-shadow-4.0.16-r1
new file mode 100644
index 000000000000..e6b69a954530
--- /dev/null
+++ b/sys-apps/shadow/files/digest-shadow-4.0.16-r1
@@ -0,0 +1,3 @@
+MD5 1d91f7479143d1d705b94180c0d4874b shadow-4.0.16.tar.bz2 1438030
+RMD160 9ac436d89913441b448da90ece25b77e818f3bd4 shadow-4.0.16.tar.bz2 1438030
+SHA256 2cbd0af0b4682d91282d2d0ad3110e6dfcad4e365d25a3b6beaf7048dd477bdd shadow-4.0.16.tar.bz2 1438030
diff --git a/sys-apps/shadow/files/shadow-4.0.16-check-opendir.patch b/sys-apps/shadow/files/shadow-4.0.16-check-opendir.patch
new file mode 100644
index 000000000000..e0403cbaa654
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.16-check-opendir.patch
@@ -0,0 +1,21 @@
+http://bugs.gentoo.org/139148
+
+e-mailed upstream
+
+Index: libmisc/copydir.c
+===================================================================
+RCS file: /cvsroot/shadow/libmisc/copydir.c,v
+retrieving revision 1.14
+diff -u -p -r1.14 copydir.c
+--- libmisc/copydir.c	7 May 2006 18:10:10 -0000	1.14
++++ libmisc/copydir.c	4 Jul 2006 19:42:22 -0000
+@@ -396,7 +396,8 @@ int remove_tree (const char *root)
+ 	 * is made set-ID.
+ 	 */
+ 
+-	dir = opendir (root);
++	if (!(dir = opendir (root)))
++		return -1;
+ 
+ 	while ((ent = readdir (dir))) {
+ 
diff --git a/sys-apps/shadow/files/shadow-4.0.16-fix-useradd-usergroups.patch b/sys-apps/shadow/files/shadow-4.0.16-fix-useradd-usergroups.patch
new file mode 100644
index 000000000000..3170869f0277
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.16-fix-useradd-usergroups.patch
@@ -0,0 +1,105 @@
+http://bugs.gentoo.org/128715
+
+exact implementation details are still in discussion upstream, but this fixes 
+the behavior to not suck like current code
+
+Index: src/useradd.c
+===================================================================
+RCS file: /cvsroot/shadow/src/useradd.c,v
+retrieving revision 1.96
+diff -u -p -r1.96 useradd.c
+--- src/useradd.c	30 May 2006 18:28:45 -0000	1.96
++++ src/useradd.c	10 Jun 2006 22:13:32 -0000
+@@ -114,7 +114,7 @@ static int do_grp_update = 0;	/* group f
+ static char *Prog;
+ 
+ static int
+- bflg = 0,			/* new default root of home directory */
++    bflg = 0,			/* new default root of home directory */
+     cflg = 0,			/* comment (GECOS) field for new account */
+     dflg = 0,			/* home directory for new account */
+     Dflg = 0,			/* set/show new user default values */
+@@ -253,6 +253,12 @@ static void get_defaults (void)
+ 	const struct group *grp;
+ 
+ 	/*
++	 * Pull relevant settings from login.defs first.
++	 */
++	if (getdef_bool ("USERGROUPS_ENAB"))
++		nflg = -1;
++
++	/*
+ 	 * Open the defaults file for reading.
+ 	 */
+ 
+@@ -628,6 +634,8 @@ static void usage (void)
+ 			   "  -K, --key KEY=VALUE		overrides /etc/login.defs defaults\n"
+ 			   "  -m, --create-home		create home directory for the new user\n"
+ 			   "				account\n"
++			   "  -n, --user-group		create a new group with the same name as the\n"
++			   "				new user\n"
+ 			   "  -o, --non-unique		allow create user with duplicate\n"
+ 			   "				(non-unique) UID\n"
+ 			   "  -p, --password PASSWORD	use encrypted password for the new user\n"
+@@ -1009,6 +1017,7 @@ static void process_flags (int argc, cha
+ 			{"skel", required_argument, NULL, 'k'},
+ 			{"key", required_argument, NULL, 'K'},
+ 			{"create-home", no_argument, NULL, 'm'},
++			{"user-group", no_argument, NULL, 'n'},
+ 			{"non-unique", no_argument, NULL, 'o'},
+ 			{"password", required_argument, NULL, 'p'},
+ 			{"shell", required_argument, NULL, 's'},
+@@ -1016,7 +1025,7 @@ static void process_flags (int argc, cha
+ 			{NULL, 0, NULL, '\0'}
+ 		};
+ 		while ((c =
+-			getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:",
++			getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnop:s:u:",
+ 				     long_options, NULL)) != -1) {
+ 			switch (c) {
+ 			case 'b':
+@@ -1156,6 +1165,9 @@ static void process_flags (int argc, cha
+ 			case 'm':
+ 				mflg++;
+ 				break;
++			case 'n':
++				nflg = 1;
++				break;
+ 			case 'o':
+ 				oflg++;
+ 				break;
+@@ -1203,6 +1215,16 @@ static void process_flags (int argc, cha
+ 		usage ();
+ 
+ 	/*
++	 * Using --gid and --user-group doesn't make sense.
++	 */
++	if (nflg == -1 && gflg)
++		nflg = 0;
++	if (nflg && gflg) {
++		fprintf (stderr, _("%s: options -g and -n conflict\n"), Prog);
++		exit (E_BAD_ARG);
++	}
++
++	/*
+ 	 * Either -D or username is required. Defaults can be set with -D
+ 	 * for the -b, -e, -f, -g, -s options only.
+ 	 */
+@@ -1725,7 +1747,7 @@ int main (int argc, char **argv)
+ 	 * to that group, use useradd -g username username.
+ 	 * --bero
+ 	 */
+-	if (!gflg) {
++	if (nflg) {
+ 		if (getgrnam (user_name)) {
+ 			fprintf (stderr,
+ 				 _
+@@ -1759,7 +1781,7 @@ int main (int argc, char **argv)
+ 
+ 	/* do we have to add a group for that user? This is why we need to
+ 	 * open the group files in the open_files() function  --gafton */
+-	if (!(nflg || gflg)) {
++	if (nflg) {
+ 		find_new_gid ();
+ 		grp_add ();
+ 	}
diff --git a/sys-apps/shadow/shadow-4.0.16-r1.ebuild b/sys-apps/shadow/shadow-4.0.16-r1.ebuild
new file mode 100644
index 000000000000..f2e1bff2b914
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.0.16-r1.ebuild
@@ -0,0 +1,269 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.16-r1.ebuild,v 1.1 2006/07/04 19:55:18 vapier Exp $
+
+inherit eutils libtool toolchain-funcs flag-o-matic autotools pam
+
+# We should remove this login after pam-0.78 goes stable.
+FORCE_SYSTEMAUTH_UPDATE="no"
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="http://shadow.pld.org.pl/"
+SRC_URI="ftp://ftp.pld.org.pl/software/${PN}/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="nls pam selinux skey nousuid"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r3
+	pam? ( virtual/pam )
+	!sys-apps/pam-login
+	skey? ( app-admin/skey )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	nls? ( virtual/libintl )"
+DEPEND="${RDEPEND}
+	>=sys-apps/portage-2.0.51-r2
+	nls? ( sys-devel/gettext )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# uclibc support, corrects NIS usage
+	epatch "${FILESDIR}"/${PN}-4.0.13-nonis.patch
+
+	# If su should not simulate a login shell, use '/bin/sh' as shell to enable
+	# running of commands as user with /bin/false as shell, closing bug #15015.
+	# *** This one could be a security hole; disable for now ***
+	#epatch "${FILESDIR}"/${P}-nologin-run-sh.patch
+
+	# tweak the default login.defs
+	epatch "${FILESDIR}"/${PN}-4.0.13-login.defs.patch
+
+	# Make user/group names more flexible #3485 / #22920
+	epatch "${FILESDIR}"/${PN}-4.0.13-dots-in-usernames.patch
+	epatch "${FILESDIR}"/${PN}-4.0.13-long-groupnames.patch
+
+	# Fix compiling with gcc-2.95.x
+	epatch "${FILESDIR}"/${PN}-4.0.12-gcc2.patch
+
+	# Patch from upstream enables the new environment too early for PAM
+	epatch "${FILESDIR}"/${PN}-4.0.14-su-fix-environment.patch
+
+	# lock down setuid perms #47208
+	epatch "${FILESDIR}"/${PN}-4.0.11.1-perms.patch
+
+	epatch "${FILESDIR}"/${PN}-4.0.15-uclibc-missing-l64a.patch
+
+	epatch "${FILESDIR}"/${PN}-4.0.16-check-opendir.patch #139148
+	epatch "${FILESDIR}"/${PN}-4.0.16-fix-useradd-usergroups.patch #128715
+
+	# Needed by the UCLIBC patches
+	eautoconf || die
+
+	elibtoolize
+	epunt_cxx
+}
+
+src_compile() {
+	append-ldflags $(bindnow-flags)
+	tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
+	econf \
+		--disable-desrpc \
+		--with-libcrypt \
+		--with-libcrack \
+		--enable-shared=no \
+		--enable-static=yes \
+		$(use_with pam libpam) \
+		$(use_with skey) \
+		$(use_with selinux) \
+		$(use_enable nls) \
+		|| die "bad configure"
+	emake || die "compile problem"
+}
+
+src_install() {
+	local perms=4711
+	use nousuid && perms=711
+	make DESTDIR="${D}" suiduperms=${perms} install || die "install problem"
+	dosym useradd /usr/sbin/adduser
+
+	# Remove libshadow and libmisc; see bug 37725 and the following
+	# comment from shadow's README.linux:
+	#   Currently, libshadow.a is for internal use only, so if you see
+	#   -lshadow in a Makefile of some other package, it is safe to
+	#   remove it.
+	rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+	insinto /etc
+	# Using a securetty with devfs device names added
+	# (compat names kept for non-devfs compatibility)
+	insopts -m0600 ; doins "${FILESDIR}"/securetty
+	if ! use pam ; then
+		insopts -m0600
+		doins etc/login.access etc/limits
+	else
+		newpamd "${FILESDIR}/login.pamd" login
+		use selinux || sed -i -e '/@selinux@/d' "${D}"/etc/pam.d/login
+		use selinux && sed -i -e 's:@selinux@::g' "${D}"/etc/pam.d/login
+
+		insinto /etc
+		insopts -m0644
+		newins "${FILESDIR}/login.defs" login.defs
+
+		# Also install another one that we can use to check if
+		# we need to update it if FORCE_LOGIN_DEFS = "yes"
+		[ "${FORCE_LOGIN_DEFS}" = "yes" ] \
+			&& newins "${FILESDIR}/login.defs" login.defs.new
+	fi
+	# Output arch-specific cruft
+	case $(tc-arch) in
+		ppc*)  echo "hvc0" >> "${D}"/etc/securetty
+		       echo "hvsi0" >> "${D}"/etc/securetty;;
+		hppa)  echo "ttyB0" >> "${D}"/etc/securetty;;
+		arm)   echo "ttyFB0" >> "${D}"/etc/securetty;;
+	esac
+
+	# needed for 'adduser -D'
+	insinto /etc/default
+	insopts -m0600
+	doins "${FILESDIR}"/default/useradd
+
+	# move passwd to / to help recover broke systems #64441
+	mv "${D}"/usr/bin/passwd "${D}"/bin/
+	dosym /bin/passwd /usr/bin/passwd
+
+	if use pam ; then
+		local INSTALL_SYSTEM_PAMD="yes"
+
+		# Do not install below pam.d files if we have pam-0.78 or later
+		has_version '>=sys-libs/pam-0.78' && \
+			INSTALL_SYSTEM_PAMD="no"
+
+		for x in "${FILESDIR}"/pam.d-include/*; do
+			case "${x##*/}" in
+				"login")
+					# We do no longer install this one, as its from
+					# pam-login now.
+					;;
+				"system-auth"|"system-auth-1.1"|"other")
+					# These we only install if we do not have pam-0.78
+					# or later.
+					[ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \
+						dopamd ${x}
+					;;
+				"su")
+					# Disable support for pam_env and pam_wheel on openpam
+					has_version sys-libs/pam && dopamd ${x}
+					;;
+				"su-openpam")
+					has_version sys-libs/openpam && newpamd ${x} su
+					;;
+				*)
+					[ -f ${x} ] && dopamd ${x}
+					;;
+			esac
+		done
+		for x in chage chsh chfn chpasswd newusers \
+		         user{add,del,mod} group{add,del,mod} ; do
+			newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+		done
+
+		# Only add this one if needed.
+		if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+			newpamd "${FILESDIR}"/pam.d-include/system-auth-1.1 system-auth.new || \
+				die "Failed to install system-auth.new!"
+		fi
+
+		# remove manpages that pam will install for us
+		# and/or don't apply when using pam
+
+		find "${D}"/usr/share/man \
+			'(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+			-exec rm {} \;
+	else
+		insinto /etc
+		insopts -m0644
+		newins etc/login.defs login.defs
+	fi
+
+	# libshadow_getpass() is only used sometimes now which means
+	# GETPASS_ASTERISKS may not always be applicable
+	use skey || sed -i -e '/^GETPASS_ASTERISKS/s:^:#:' "${D}"/etc/login.defs
+
+	# Remove manpages that are handled by other packages
+	find "${D}"/usr/share/man \
+		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+		-exec rm {} \;
+
+	cd "${S}"
+	dodoc ChangeLog NEWS TODO
+	newdoc README README.download
+	cd doc
+	dodoc HOWTO LSM README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+	rm -f "${ROOT}"/etc/pam.d/system-auth.new \
+		"${ROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+	# Enable shadow groups (we need ROOT=/ here, as grpconv only
+	# operate on / ...).
+	if [[ ${ROOT} == / && ! -f /etc/gshadow ]] ; then
+		if grpck -r &>/dev/null; then
+			grpconv
+		else
+			ewarn "Running 'grpck' returned errors.  Please run it by hand, and then"
+			ewarn "run 'grpconv' afterwards!"
+		fi
+	fi
+
+	use pam || return 0
+
+	if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+		local CHECK1=$(md5sum "${ROOT}"/etc/pam.d/system-auth | cut -d ' ' -f 1)
+		local CHECK2=$(md5sum "${ROOT}"/etc/pam.d/system-auth.new | cut -d ' ' -f 1)
+
+		if [ "${CHECK1}" != "${CHECK2}" ]; then
+			ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth "
+			ewarn "is being updated automatically. Your old "
+			ewarn "system-auth will be backed up as:"
+			ewarn
+			ewarn "  ${ROOT}etc/pam.d/system-auth.bak"
+			echo
+
+			cp -pPR "${ROOT}"/etc/pam.d/system-auth \
+				"${ROOT}"/etc/pam.d/system-auth.bak;
+			mv -f "${ROOT}"/etc/pam.d/system-auth.new \
+				"${ROOT}"/etc/pam.d/system-auth
+			rm -f "${ROOT}"/etc/pam.d/._cfg????_system-auth
+		else
+			rm -f "${ROOT}"/etc/pam.d/system-auth.new
+		fi
+	fi
+
+	[ "${FORCE_LOGIN_DEFS}" != "yes" ] && return 0
+
+	ewarn "Due to a compatibility issue, ${ROOT}etc/login.defs "
+	ewarn "is being updated automatically. Your old login.defs"
+	ewarn "will be backed up as:  ${ROOT}etc/login.defs.bak"
+	echo
+
+	local CHECK1="`md5sum ${ROOT}/etc/login.defs | cut -d ' ' -f 1`"
+	local CHECK2="`md5sum ${ROOT}/etc/login.defs.new | cut -d ' ' -f 1`"
+
+	if [ "${CHECK1}" != "${CHECK2}" ]
+	then
+		cp -pPR ${ROOT}/etc/login.defs ${ROOT}/etc/login.defs.bak
+		mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+	elif [ ! -f ${ROOT}/etc/login.defs ]
+	then
+		mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+	else
+		rm -f ${ROOT}/etc/login.defs.new
+	fi
+}
+