diff options
author | Nicolas Reynolds <fauno@kiwwwi.com.ar> | 2012-02-17 16:22:58 -0300 |
---|---|---|
committer | Nicolas Reynolds <fauno@kiwwwi.com.ar> | 2012-02-17 16:22:58 -0300 |
commit | 184903e07aa7b573b0acf162424afc969c07bd4b (patch) | |
tree | 538ba187cfb866efc3e1bb23be668882b8a5bb44 /core/shadow | |
parent | 3138d10936c63dc6444ac0dc55dd08b722b82309 (diff) | |
parent | 68998b64e2d81f7e77184b7f23ee141da1d0e2ff (diff) |
Merge branch 'master' of ssh://vparabola/home/parabola/abslibre-pre-mips64el
Conflicts:
community-testing/hostapd/PKGBUILD
community-testing/hostapd/config.bz2
community-testing/hostapd/hostap_allow-linking-with-libnl-3.2.patch
community-testing/hostapd/hostapd
community-testing/hostapd/hostapd.conf.d
community-testing/hostapd/hostapd.install
community-testing/ipvsadm/PKGBUILD
community-testing/ipvsadm/ipvsadm.conf
community-testing/ipvsadm/ipvsadm.rc
community-testing/ipvsadm/ipvsadm.rules
community-testing/keepalived/PKGBUILD
community-testing/keepalived/ip_vs_moved.patch
community-testing/keepalived/keepalived.conf
community-testing/keepalived/keepalived.rc
community-testing/knemo/PKGBUILD
community-testing/knemo/knemo.install
community-testing/simh/LICENSE
community-testing/simh/PKGBUILD
community-testing/simh/simh.install
community/fityk/PKGBUILD
community/ruby-gtk2/PKGBUILD
community/sage-mathematics/PKGBUILD
community/xylib/PKGBUILD
core/kmod/0001-libkmod-module-probe-fix-infinite-loop-with-softdeps.patch
extra/kradio/PKGBUILD
extra/phonon-gstreamer/PKGBUILD
extra/phonon-vlc/PKGBUILD
testing/bluez/PKGBUILD
testing/bluez/bluetooth.conf.d
testing/bluez/fix-a2dp.patch
testing/bluez/rc.bluetooth
testing/crda/PKGBUILD
testing/crda/crda.install
testing/crda/crda.rc
testing/crda/libnl32.patch
testing/iw/PKGBUILD
testing/kismet/PKGBUILD
testing/kismet/kismet.changelog
testing/kismet/kismet.install
testing/libnl/PKGBUILD
testing/libnl1/PKGBUILD
testing/libnl1/fix-compilation.patch
testing/libpcap/PKGBUILD
testing/libpcap/libnl32.patch
testing/net-snmp/PKGBUILD
testing/net-snmp/libnl32.patch
testing/net-snmp/snmpd.confd
testing/net-snmp/snmpd.rc
testing/networkmanager/NetworkManager.conf
testing/networkmanager/PKGBUILD
testing/networkmanager/disable_set_hostname.patch
testing/networkmanager/networkmanager.install
testing/ntrack/PKGBUILD
testing/ntrack/libnl3.patch
testing/wpa_supplicant/PKGBUILD
testing/wpa_supplicant/config
testing/wpa_supplicant/dbus.patch
testing/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch
Diffstat (limited to 'core/shadow')
-rw-r--r-- | core/shadow/PKGBUILD | 80 | ||||
-rw-r--r-- | core/shadow/nscd-error-reporting.patch | 17 | ||||
-rw-r--r-- | core/shadow/shadow-strncpy-usage.patch | 36 | ||||
-rw-r--r-- | core/shadow/shadow.install | 2 | ||||
-rw-r--r-- | core/shadow/shadow_CVE-2011-0721.patch | 57 |
5 files changed, 81 insertions, 111 deletions
diff --git a/core/shadow/PKGBUILD b/core/shadow/PKGBUILD index e46251076..79fe34f29 100644 --- a/core/shadow/PKGBUILD +++ b/core/shadow/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 144463 2011-12-06 10:57:36Z dreisner $ +# $Id: PKGBUILD 150333 2012-02-16 23:20:09Z dreisner $ # Maintainer: Dave Reisner <dreisner@archlinux.org> # Maintainer: Aaron Griffin <aaron@archlinux.org> pkgname=shadow -pkgver=4.1.4.3 -pkgrel=5 +pkgver=4.1.5 +pkgrel=3 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('i686' 'x86_64' 'mips64el') url='http://pkg-shadow.alioth.debian.org/' @@ -17,15 +17,26 @@ backup=(etc/login.defs etc/pam.d/{chfn,chgpasswd,groupmems,chsh} etc/default/useradd) options=('!libtool') -install=shadow.install -#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2 -# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied -source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz - adduser chgpasswd chpasswd defaults.pam login login.defs newusers - passwd shadow.cron.daily useradd.defaults LICENSE - xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch +install='shadow.install' +source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig} + LICENSE + adduser + chgpasswd + chpasswd + defaults.pam + login + login.defs + newusers + passwd + shadow.cron.daily + useradd.defaults + nscd-error-reporting.patch + xstrdup.patch + shadow-strncpy-usage.patch shadow-add-missing-include.patch) -sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e' +sha1sums=('3ab1ae0e30af36d04445314fcb5a079bdf05de41' + '0a31aafceb948a91fe7370a6378cafd6fd883145' + '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' '78ec184a499f9708adcfcf0b7a3b22a60bf39f91' '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' '12427b1ca92a9b85ca8202239f0d9f50198b818f' @@ -36,39 +47,42 @@ sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e' '611be25d91c3f8f307c7fe2485d5f781e5dee75f' '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' - '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' + 'ae6eebb842c433ac4022c493294a13ed68e06acc' '6010fffeed1fc6673ad9875492e1193b1a847b53' - '6bfe6528391eb38d338beacedd620407877b637d' - '9db9e62ad173f31e1039121c0124cf60826ffd7e' + '21e12966a6befb25ec123b403cd9b5c492fe5b16' '0697a21f7519de30821da7772677035652df4ad2') build() { - cd "$srcdir/$pkgname-4.1.4.2+svn3283" + cd "$pkgname-$pkgver" + + # avoid transitive linking issues with binutils 2.22 + sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am - #Ugh, force this to build shared libraries, for god's sake - sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am - libtoolize - autoreconf - export LDFLAGS="$LDFLAGS -lcrypt" + # link to glibc's crypt(3) + LDFLAGS+=" -lcrypt" - patch -p1 -i "$srcdir/xstrdup.patch" - patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch" - patch -p1 -i "$srcdir/shadow-strncpy-usage.patch" - patch -p1 -i "$srcdir/shadow-add-missing-include.patch" + patch -Np1 <"$srcdir/xstrdup.patch" + patch -Np1 <"$srcdir/shadow-strncpy-usage.patch" + patch -Np1 <"$srcdir/shadow-add-missing-include.patch" + patch -Np1 <"$srcdir/nscd-error-reporting.patch" # supress etc/pam.d/*, we provide our own sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in ./configure \ - --prefix=/usr --libdir=/lib \ - --mandir=/usr/share/man --sysconfdir=/etc \ - --enable-shared --disable-static \ - --with-libpam --without-selinux + --prefix=/usr \ + --libdir=/lib \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + --with-libpam \ + --without-selinux + make } package() { - cd "$srcdir/$pkgname-4.1.4.2+svn3283" + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" install # license @@ -87,11 +101,9 @@ package() { install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" # PAM config - custom - install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login" - install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd" - install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd" - install -Dm644 "$srcdir/chpasswd" "$pkgdir/etc/pam.d/chpasswd" - install -Dm644 "$srcdir/newusers" "$pkgdir/etc/pam.d/newusers" + install -dm755 "$pkgdir/etc/pam.d" + install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{login,passwd,chgpasswd,chpasswd,newusers} + # PAM config - from tarball install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems" diff --git a/core/shadow/nscd-error-reporting.patch b/core/shadow/nscd-error-reporting.patch new file mode 100644 index 000000000..a4075756e --- /dev/null +++ b/core/shadow/nscd-error-reporting.patch @@ -0,0 +1,17 @@ +diff --git a/upstream/trunk/lib/nscd.c b/upstream/trunk/lib/nscd.c +index 227c205..7adb58f 100644 +--- a/lib/nscd.c ++++ b/lib/nscd.c +@@ -39,8 +39,11 @@ int nscd_flush_cache (const char *service) + /* nscd is not installed, or it is installed but uses an + interpreter that is missing. Probably the former. */ + return 0; ++ } else if (code == 1) { ++ /* nscd is installed, but it isn't active. */ ++ return 0; + } else if (code != 0) { +- (void) fprintf (stderr, _("%s: nscd exited with status %d"), ++ (void) fprintf (stderr, _("%s: nscd exited with status %d\n"), + Prog, code); + (void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog); + return -1; diff --git a/core/shadow/shadow-strncpy-usage.patch b/core/shadow/shadow-strncpy-usage.patch index 46df74ace..5aba8fa01 100644 --- a/core/shadow/shadow-strncpy-usage.patch +++ b/core/shadow/shadow-strncpy-usage.patch @@ -1,27 +1,25 @@ -diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c ---- shadow-4.1.4.3.orig/src/login.c 2011-03-05 22:17:10.032524948 -0800 -+++ shadow-4.1.4.3/src/login.c 2011-03-05 22:17:59.154342059 -0800 -@@ -748,8 +748,9 @@ - sizeof (loginprompt), +diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c +--- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500 ++++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500 +@@ -182,7 +182,7 @@ + struct tm *tp; + + if (date < 0) { +- strncpy (buf, "never", maxsize); ++ strncpy (buf, "never", maxsize - 1); + } else { + time_t t = (time_t) date; + tp = gmtime (&t); +diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c +--- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500 ++++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500 +@@ -752,7 +752,8 @@ _("%s login: "), hostn); } else { -+ loginprompt[sizeof (loginprompt) - 1] = '\0'; strncpy (loginprompt, _("login: "), - sizeof (loginprompt)); + sizeof (loginprompt) - 1); ++ loginprompt[sizeof (loginprompt) - 1] = '\0'; } retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt); -diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c ---- shadow-4.1.4.3.orig/src/usermod.c 2011-03-05 22:17:10.029191265 -0800 -+++ shadow-4.1.4.3/src/usermod.c 2011-03-05 22:18:42.665576968 -0800 -@@ -182,7 +182,8 @@ - struct tm *tp; - - if ((negativ != NULL) && (date < 0)) { -- strncpy (buf, negativ, maxsize); -+ buf[maxsize - 1] = '\0'; -+ strncpy (buf, negativ, maxsize - 1); - } else { - time_t t = (time_t) date; - tp = gmtime (&t); diff --git a/core/shadow/shadow.install b/core/shadow/shadow.install index e990bfe39..14384c333 100644 --- a/core/shadow/shadow.install +++ b/core/shadow/shadow.install @@ -2,7 +2,7 @@ post_upgrade() { grpck -r >/dev/null 2>&1 if [ $? -eq 2 ]; then printf '%s\n' \ - "==> Warning: /etc/group or /etc/gshadow are inconsistant." \ + "==> Warning: /etc/group or /etc/gshadow are inconsistent." \ " Run 'grpck' to correct this." fi return 0 diff --git a/core/shadow/shadow_CVE-2011-0721.patch b/core/shadow/shadow_CVE-2011-0721.patch deleted file mode 100644 index eb9ad80a2..000000000 --- a/core/shadow/shadow_CVE-2011-0721.patch +++ /dev/null @@ -1,57 +0,0 @@ -Goal: Input sanitization for chfn and chsh - -Fixes: CVE-2011-0721 - -Status wrt upstream: Already applied upstream (4.1.4.3) - ---- a/src/chfn.c -+++ b/src/chfn.c -@@ -551,14 +551,14 @@ - static void check_fields (void) - { - int err; -- err = valid_field (fullnm, ":,="); -+ err = valid_field (fullnm, ":,=\n"); - if (err > 0) { - fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm); - } else if (err < 0) { - fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm); - fail_exit (E_NOPERM); - } -- err = valid_field (roomno, ":,="); -+ err = valid_field (roomno, ":,=\n"); - if (err > 0) { - fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno); - } else if (err < 0) { -@@ -566,17 +566,17 @@ - Prog, roomno); - fail_exit (E_NOPERM); - } -- if (valid_field (workph, ":,=") != 0) { -+ if (valid_field (workph, ":,=\n") != 0) { - fprintf (stderr, _("%s: invalid work phone: '%s'\n"), - Prog, workph); - fail_exit (E_NOPERM); - } -- if (valid_field (homeph, ":,=") != 0) { -+ if (valid_field (homeph, ":,=\n") != 0) { - fprintf (stderr, _("%s: invalid home phone: '%s'\n"), - Prog, homeph); - fail_exit (E_NOPERM); - } -- err = valid_field (slop, ":"); -+ err = valid_field (slop, ":\n"); - if (err > 0) { - fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop); - } else if (err < 0) { ---- a/src/chsh. -+++ b/src/chsh.c -@@ -528,7 +528,7 @@ - * users are restricted to using the shells in /etc/shells. - * The shell must be executable by the user. - */ -- if (valid_field (loginsh, ":,=") != 0) { -+ if (valid_field (loginsh, ":,=\n") != 0) { - fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh); - fail_exit (1); - } |