diff options
| -rw-r--r-- | sys-apps/shadow/ChangeLog | 9 | ||||
| -rw-r--r-- | sys-apps/shadow/Manifest | 52 | ||||
| -rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.4.1-r3 | 1 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.0.4.1-selinux.diff | 14 | ||||
| -rw-r--r-- | sys-apps/shadow/shadow-4.0.4.1-r3.ebuild | 208 |
5 files changed, 262 insertions, 22 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog index 6786a654e95f..df440417f0ba 100644 --- a/sys-apps/shadow/ChangeLog +++ b/sys-apps/shadow/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-apps/shadow # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.62 2004/07/03 19:19:58 kumba Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.63 2004/07/03 19:59:59 pebenito Exp $ + +*shadow-4.0.4.1-r3 (03 Jul 2004) + + 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org> + files/shadow-4.0.4.1-selinux.diff, +shadow-4.0.4.1-r3.ebuild: + Fix /etc/passwd labeling issue in SELinux patch caught by Petre Rodan in + #55781. Otherwise same as 4.0.4.1-r2. 03 Jul 2004; Joshua Kinard <kumba@gentoo.org> shadow-4.0.4.1-r2.ebuild: Marked stable on mips. diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index b7a98346ba1f..3e14bdcf03a7 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest @@ -1,32 +1,44 @@ -MD5 743d580753d817ab8c96ccfa5961b3fb ChangeLog 12165 +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +MD5 2c879ee051005338dfd0931201113812 shadow-4.0.4.1-r3.ebuild 5975 +MD5 7a12eb2fb15aaefb0330c5decfa661f0 shadow-4.0.4.1.ebuild 5786 +MD5 40bfbf55a5f84cdd7707fe1c657c0c99 shadow-4.0.4.1-r2.ebuild 5972 +MD5 fa1a0cd9ad21289827250583dc58aa56 ChangeLog 12434 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 -MD5 5cc1cb6f463c7f2176e8ff0545435f13 shadow-4.0.3-r10.ebuild 5891 MD5 bdd034fc6e41a26cc2eccd7b9b232f32 shadow-4.0.3-r9.ebuild 5792 +MD5 5cc1cb6f463c7f2176e8ff0545435f13 shadow-4.0.3-r10.ebuild 5891 MD5 589134b7fc99429c59699bb4faab8be7 shadow-4.0.4.1-r1.ebuild 6090 -MD5 40bfbf55a5f84cdd7707fe1c657c0c99 shadow-4.0.4.1-r2.ebuild 5972 -MD5 7a12eb2fb15aaefb0330c5decfa661f0 shadow-4.0.4.1.ebuild 5786 -MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r10 65 -MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r9 65 -MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1 67 +MD5 aaf16ddabef285df169e37254b13561c files/shadow-4.0.4.1-selinux.diff 4296 +MD5 020e030c2d09b206e88cf9051ced6244 files/shadow-4.0.4.1-nonis.patch 1504 +MD5 201f1321262da41ccd1a0283216ae9a7 files/shadow-4.0.4.1-su-pam_open_session.patch 4886 MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r1 67 +MD5 94728414b91e556a211379f6acc9b52d files/shadow-4.0.3-selinux.diff 3940 MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r2 67 +MD5 5be850b601aabd73a43b1a3bbb893386 files/shadow-4.0.3-nologin-run-sh.patch 972 MD5 e70a5f61d37c3c67a4b860d8a6191dbc files/securetty 230 MD5 d0d7abec0c499ad20d2fbc865215c3e6 files/shadow-4.0.3-gcc34-xmalloc.patch 260 -MD5 5be850b601aabd73a43b1a3bbb893386 files/shadow-4.0.3-nologin-run-sh.patch 972 -MD5 94728414b91e556a211379f6acc9b52d files/shadow-4.0.3-selinux.diff 3940 -MD5 6dfd34cef0901f49a1899aa59219bc8f files/shadow-4.0.3-shared-needs-pam.patch 646 -MD5 13c8bec4c2cffb2d73c2f5aa01229d03 files/shadow-4.0.3-su-pam_open_session.patch-v2 4882 +MD5 bb55107c3a9354ef2d1977547fdb5a83 files/shadow-4.0.4.1-useradd-manpage-update.patch 958 +MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r9 65 +MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1 67 MD5 de1e23b4a7d38545475dffc3c9dc73a0 files/shadow-4.0.3-useradd-manpage-update.patch 804 +MD5 13c8bec4c2cffb2d73c2f5aa01229d03 files/shadow-4.0.3-su-pam_open_session.patch-v2 4882 +MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r10 65 +MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r3 67 MD5 b8efca60a25e256eebe54c3d0db0760f files/shadow-4.0.4.1-gcc34-xmalloc.patch 361 -MD5 020e030c2d09b206e88cf9051ced6244 files/shadow-4.0.4.1-nonis.patch 1504 -MD5 ab9789d22ebb1e74be504dcd71e23132 files/shadow-4.0.4.1-selinux.diff 3926 -MD5 201f1321262da41ccd1a0283216ae9a7 files/shadow-4.0.4.1-su-pam_open_session.patch 4886 -MD5 bb55107c3a9354ef2d1977547fdb5a83 files/shadow-4.0.4.1-useradd-manpage-update.patch 958 -MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96 +MD5 6dfd34cef0901f49a1899aa59219bc8f files/shadow-4.0.3-shared-needs-pam.patch 646 +MD5 0a8b62ed0426b607b92e275d63fa7cbf files/pam.d/su 1247 +MD5 60d44a6f43aafcb9ca35858ab2534a49 files/pam.d/shadow 227 MD5 51b0337bd261f6ed5e53af5dc196431a files/pam.d/system-auth 499 -MD5 a5311bbc9c1fc378a6b0bfb3ca1b2394 files/pam.d/login 431 -MD5 344d17a865edc40adebe07797853c839 files/pam.d/other 198 MD5 a1c7fb84c2dc309db86ba7b8d3dfae76 files/pam.d/passwd 214 -MD5 60d44a6f43aafcb9ca35858ab2534a49 files/pam.d/shadow 227 -MD5 0a8b62ed0426b607b92e275d63fa7cbf files/pam.d/su 1247 MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth-1.1 491 +MD5 a5311bbc9c1fc378a6b0bfb3ca1b2394 files/pam.d/login 431 +MD5 344d17a865edc40adebe07797853c839 files/pam.d/other 198 +MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQFA5xBOGFJQsIJWJy4RAlD/AJ0XFmuG7vKEFDF/5TMHSgi1vAqJlgCfRTQX +uisOITIvcpWQ7iXvoOhLlWY= +=2ZmJ +-----END PGP SIGNATURE----- diff --git a/sys-apps/shadow/files/digest-shadow-4.0.4.1-r3 b/sys-apps/shadow/files/digest-shadow-4.0.4.1-r3 new file mode 100644 index 000000000000..86c719561f0b --- /dev/null +++ b/sys-apps/shadow/files/digest-shadow-4.0.4.1-r3 @@ -0,0 +1 @@ +MD5 3a3d17d3d7c630b602baf66ae7434c61 shadow-4.0.4.1.tar.bz2 814234 diff --git a/sys-apps/shadow/files/shadow-4.0.4.1-selinux.diff b/sys-apps/shadow/files/shadow-4.0.4.1-selinux.diff index c2a15f80fd20..26e118125f77 100644 --- a/sys-apps/shadow/files/shadow-4.0.4.1-selinux.diff +++ b/sys-apps/shadow/files/shadow-4.0.4.1-selinux.diff @@ -10,6 +10,18 @@ diff -urN shadow-4.0.3.orig/lib/Makefile.am shadow-4.0.3/lib/Makefile.am INCLUDES = lib_LTLIBRARIES = libshadow.la +diff -urN shadow-4.0.3.orig/lib/Makefile.in shadow-4.0.3/lib/Makefile.in +--- shadow-4.0.3.orig/lib/Makefile.in 2004-01-14 16:15:26.000000000 +0200 ++++ shadow-4.0.3/lib/Makefile.in 2004-07-03 21:34:31.815854072 +0300 +@@ -56,7 +56,7 @@ + CXXFLAGS = @CXXFLAGS@ + CYGPATH_W = @CYGPATH_W@ + +-DEFS = ++DEFS = -DWITH_SELINUX + DEPDIR = @DEPDIR@ + ECHO = @ECHO@ + ECHO_C = @ECHO_C@ diff -urN shadow-4.0.3.orig/lib/commonio.c shadow-4.0.3/lib/commonio.c --- shadow-4.0.3.orig/lib/commonio.c 2001-11-17 07:15:52.000000000 -0600 +++ shadow-4.0.3/lib/commonio.c 2003-08-07 08:38:20.000000000 -0500 @@ -110,7 +122,7 @@ diff -urN shadow-4.0.3.orig/lib/commonio.h shadow-4.0.3/lib/commonio.h --- shadow-4.0.3.orig/lib/commonio.h 2001-08-14 16:09:54.000000000 -0500 +++ shadow-4.0.3/lib/commonio.h 2003-08-07 08:38:20.000000000 -0500 @@ -1,5 +1,8 @@ - /* $Id: shadow-4.0.4.1-selinux.diff,v 1.1 2004/01/23 19:51:06 pebenito Exp $ */ + /* $Id: shadow-4.0.4.1-selinux.diff,v 1.2 2004/07/03 19:59:59 pebenito Exp $ */ +#ifdef WITH_SELINUX +#include <selinux/selinux.h> diff --git a/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild b/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild new file mode 100644 index 000000000000..0c90a0538e62 --- /dev/null +++ b/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild @@ -0,0 +1,208 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild,v 1.1 2004/07/03 19:59:59 pebenito Exp $ + +inherit eutils libtool gnuconfig flag-o-matic + +FORCE_SYSTEMAUTH_UPDATE="no" + +SELINUX_PATCH="shadow-4.0.4.1-selinux.diff" + +HOMEPAGE="http://shadow.pld.org.pl/" +DESCRIPTION="Utilities to deal with user accounts" +SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="x86 ~ppc ~sparc mips alpha ~arm ~mips ~hppa amd64 ia64 ~ppc64 ~s390" +IUSE="pam selinux nls uclibc" + +DEPEND=">=sys-libs/cracklib-2.7-r3 + pam? ( >=sys-libs/pam-0.75-r4 ) + nls? ( sys-devel/gettext ) + selinux? ( sys-libs/libselinux )" +RDEPEND=">=sys-libs/cracklib-2.7-r3 + pam? ( >=sys-libs/pam-0.75-r4 ) + selinux? ( sys-libs/libselinux )" + +pkg_preinst() { + rm -f ${ROOT}/etc/pam.d/system-auth.new +} + +src_unpack() { + unpack ${A} + + cd ${S} + + use selinux && epatch ${FILESDIR}/${SELINUX_PATCH} + + # uclibc support, corrects NIS usage + use uclibc && epatch ${FILESDIR}/shadow-4.0.4.1-nonis.patch + + # Get su to call pam_open_session(), and also set DISPLAY and XAUTHORITY, + # else the session entries in /etc/pam.d/su never get executed, and + # pam_xauth for one, is then never used. This should close bug #8831. + # + # <azarah@gentoo.org> (19 Oct 2002) + use pam && epatch ${FILESDIR}/${P}-su-pam_open_session.patch + + # If su should not simulate a login shell, use '/bin/sh' as shell to enable + # running of commands as user with /bin/false as shell, closing bug #15015. + # + # <azarah@gentoo.org> (23 Feb 2003) +# This one could be a security hole ... +# cd ${S}; epatch ${FILESDIR}/${P}-nologin-run-sh.patch + + # Patch the useradd manpage to be a bit more clear, closing bug #13203. + # Thanks to Guy <guycad@mindspring.com>. + epatch ${FILESDIR}/${P}-useradd-manpage-update.patch + + # Patch to correct the definition if malloc, so that shadow can compile + # using gcc 3.4. see bug #47455 for more information + epatch ${FILESDIR}/${P}-gcc34-xmalloc.patch +} + +src_compile() { + # Allows shadow configure detect mips systems properly + gnuconfig_update + elibtoolize + + local myconf + use pam \ + && myconf="${myconf} --with-libpam --with-libcrack" \ + || myconf="${myconf} --without-libpam" + + ./configure --disable-desrpc \ + --with-libcrypt \ + --with-libcrack \ + --enable-shared=no \ + --enable-static=yes \ + --host=${CHOST} \ + $(use_enable nls) \ + ${myconf} || die "bad configure" + + # Parallel make fails sometimes + emake -j1 || die "compile problem" +} + +src_install() { + dodir /etc/default /etc/skel + + make prefix=${D}/usr \ + exec_prefix=${D} \ + mandir=${D}/usr/share/man \ + install || die "install problem" + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f ${D}/lib/lib{misc,shadow}.{a,la} + + # Do not install this login, but rather the one from + # pam-login, as this one have a serious root exploit + # with pam_limits in use. + use pam && rm ${D}/bin/login + + dosym newgrp /usr/bin/sg + dosym useradd /usr/sbin/adduser + dosym vipw /usr/sbin/vigr + # Remove dead links + rm -f ${D}/bin/{sg,vipw,vigr} + + insinto /etc + # Using a securetty with devfs device names added + # (compat names kept for non-devfs compatibility) + insopts -m0600 ; doins ${FILESDIR}/securetty + insopts -m0600 ; doins ${S}/etc/login.access + insopts -m0644 ; doins ${S}/etc/limits + + # needed for 'adduser -D' + insinto /etc/default + insopts -m0600 + doins ${FILESDIR}/default/useradd + # From sys-apps/pam-login now + #insopts -m0644 ; doins ${FILESDIR}/login.defs + + if use pam; then + insinto /etc/pam.d ; insopts -m0644 + for x in ${FILESDIR}/pam.d/*; do + [ -f ${x} ] && doins ${x} + done + cd ${FILESDIR}/pam.d + # Make sure /etc/pam.d/system-auth is the new version .. + mv ${D}/etc/pam.d/system-auth-1.1 ${D}/etc/pam.d/system-auth + newins system-auth-1.1 system-auth.new || die + newins shadow chage + newins shadow chsh + newins shadow chfn + newins shadow useradd + newins shadow groupadd + fi + + cd ${S} + # The manpage install is beyond my comprehension, and + # also broken. Just do it over. + rm -rf ${D}/usr/share/man/* + + rm -f man/id.1 man/getspnam.3 man/passwd.5 + for x in man/*.[0-9] + do + [ -f ${x} ] && doman ${x} + done + + if ! use pam; then + # Dont install the manpage, since we dont use + # login with shadow + rm -f ${D}/usr/share/man/man1/login.* + # We use pam, so this is not applicable. + rm -f ${D}/usr/share/man/man5/suauth.* + fi + + cd ${S}/doc + dodoc ANNOUNCE INSTALL LICENSE README WISHLIST + docinto txt + dodoc HOWTO LSM README.* *.txt + + # Fix sparc serial console + if [ "${ARCH}" = "sparc" ] + then + # ttyS0 and its devfsd counterpart (Sparc serial port "A") + dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty + dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty + fi + + # fix hppa serial console + if [ "${ARCH}" = "hppa" ] + then + # ttyB0 is the PDC software console + dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty + dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty + dosed 's:\(tty1\)$:ttyB0\n\1:' /etc/securetty + fi +} + +pkg_postinst() { + use pam || return 0; + local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)" + local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)" + + if [ "${CHECK1}" != "${CHECK2}" -a "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ] + then + ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth " + ewarn "is being updated automatically. Your old " + ewarn "system-auth will be backed up as:" + ewarn + ewarn " ${ROOT}etc/pam.d/system-auth.bak" + echo + + cp -a ${ROOT}/etc/pam.d/system-auth \ + ${ROOT}/etc/pam.d/system-auth.bak; + mv -f ${ROOT}/etc/pam.d/system-auth.new \ + ${ROOT}/etc/pam.d/system-auth + rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth + else + rm -f ${ROOT}/etc/pam.d/system-auth.new + fi +} |