diff options
Diffstat (limited to 'core/shadow')
-rw-r--r-- | core/shadow/PKGBUILD | 80 | ||||
-rw-r--r-- | core/shadow/nscd-error-reporting.patch | 17 | ||||
-rw-r--r-- | core/shadow/shadow-strncpy-usage.patch | 36 | ||||
-rw-r--r-- | core/shadow/shadow.install | 2 |
4 files changed, 81 insertions, 54 deletions
diff --git a/core/shadow/PKGBUILD b/core/shadow/PKGBUILD index 000ffcbc1..ed42c0916 100644 --- a/core/shadow/PKGBUILD +++ b/core/shadow/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 144463 2011-12-06 10:57:36Z dreisner $ +# $Id: PKGBUILD 150333 2012-02-16 23:20:09Z dreisner $ # Maintainer: Dave Reisner <dreisner@archlinux.org> # Maintainer: Aaron Griffin <aaron@archlinux.org> pkgname=shadow -pkgver=4.1.4.3 -pkgrel=5 +pkgver=4.1.5 +pkgrel=3 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('i686' 'x86_64') url='http://pkg-shadow.alioth.debian.org/' @@ -17,15 +17,26 @@ backup=(etc/login.defs etc/pam.d/{chfn,chgpasswd,groupmems,chsh} etc/default/useradd) options=('!libtool') -install=shadow.install -#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2 -# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied -source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz - adduser chgpasswd chpasswd defaults.pam login login.defs newusers - passwd shadow.cron.daily useradd.defaults LICENSE - xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch +install='shadow.install' +source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig} + LICENSE + adduser + chgpasswd + chpasswd + defaults.pam + login + login.defs + newusers + passwd + shadow.cron.daily + useradd.defaults + nscd-error-reporting.patch + xstrdup.patch + shadow-strncpy-usage.patch shadow-add-missing-include.patch) -sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e' +sha1sums=('3ab1ae0e30af36d04445314fcb5a079bdf05de41' + '0a31aafceb948a91fe7370a6378cafd6fd883145' + '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' '78ec184a499f9708adcfcf0b7a3b22a60bf39f91' '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' '12427b1ca92a9b85ca8202239f0d9f50198b818f' @@ -36,39 +47,42 @@ sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e' '611be25d91c3f8f307c7fe2485d5f781e5dee75f' '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' - '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' + 'ae6eebb842c433ac4022c493294a13ed68e06acc' '6010fffeed1fc6673ad9875492e1193b1a847b53' - '6bfe6528391eb38d338beacedd620407877b637d' - '9db9e62ad173f31e1039121c0124cf60826ffd7e' + '21e12966a6befb25ec123b403cd9b5c492fe5b16' '0697a21f7519de30821da7772677035652df4ad2') build() { - cd "$srcdir/$pkgname-4.1.4.2+svn3283" + cd "$pkgname-$pkgver" + + # avoid transitive linking issues with binutils 2.22 + sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am - #Ugh, force this to build shared libraries, for god's sake - sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am - libtoolize - autoreconf - export LDFLAGS="$LDFLAGS -lcrypt" + # link to glibc's crypt(3) + LDFLAGS+=" -lcrypt" - patch -p1 -i "$srcdir/xstrdup.patch" - patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch" - patch -p1 -i "$srcdir/shadow-strncpy-usage.patch" - patch -p1 -i "$srcdir/shadow-add-missing-include.patch" + patch -Np1 <"$srcdir/xstrdup.patch" + patch -Np1 <"$srcdir/shadow-strncpy-usage.patch" + patch -Np1 <"$srcdir/shadow-add-missing-include.patch" + patch -Np1 <"$srcdir/nscd-error-reporting.patch" # supress etc/pam.d/*, we provide our own sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in ./configure \ - --prefix=/usr --libdir=/lib \ - --mandir=/usr/share/man --sysconfdir=/etc \ - --enable-shared --disable-static \ - --with-libpam --without-selinux + --prefix=/usr \ + --libdir=/lib \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + --with-libpam \ + --without-selinux + make } package() { - cd "$srcdir/$pkgname-4.1.4.2+svn3283" + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" install # license @@ -87,11 +101,9 @@ package() { install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" # PAM config - custom - install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login" - install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd" - install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd" - install -Dm644 "$srcdir/chpasswd" "$pkgdir/etc/pam.d/chpasswd" - install -Dm644 "$srcdir/newusers" "$pkgdir/etc/pam.d/newusers" + install -dm755 "$pkgdir/etc/pam.d" + install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{login,passwd,chgpasswd,chpasswd,newusers} + # PAM config - from tarball install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems" diff --git a/core/shadow/nscd-error-reporting.patch b/core/shadow/nscd-error-reporting.patch new file mode 100644 index 000000000..a4075756e --- /dev/null +++ b/core/shadow/nscd-error-reporting.patch @@ -0,0 +1,17 @@ +diff --git a/upstream/trunk/lib/nscd.c b/upstream/trunk/lib/nscd.c +index 227c205..7adb58f 100644 +--- a/lib/nscd.c ++++ b/lib/nscd.c +@@ -39,8 +39,11 @@ int nscd_flush_cache (const char *service) + /* nscd is not installed, or it is installed but uses an + interpreter that is missing. Probably the former. */ + return 0; ++ } else if (code == 1) { ++ /* nscd is installed, but it isn't active. */ ++ return 0; + } else if (code != 0) { +- (void) fprintf (stderr, _("%s: nscd exited with status %d"), ++ (void) fprintf (stderr, _("%s: nscd exited with status %d\n"), + Prog, code); + (void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog); + return -1; diff --git a/core/shadow/shadow-strncpy-usage.patch b/core/shadow/shadow-strncpy-usage.patch index 46df74ace..5aba8fa01 100644 --- a/core/shadow/shadow-strncpy-usage.patch +++ b/core/shadow/shadow-strncpy-usage.patch @@ -1,27 +1,25 @@ -diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c ---- shadow-4.1.4.3.orig/src/login.c 2011-03-05 22:17:10.032524948 -0800 -+++ shadow-4.1.4.3/src/login.c 2011-03-05 22:17:59.154342059 -0800 -@@ -748,8 +748,9 @@ - sizeof (loginprompt), +diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c +--- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500 ++++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500 +@@ -182,7 +182,7 @@ + struct tm *tp; + + if (date < 0) { +- strncpy (buf, "never", maxsize); ++ strncpy (buf, "never", maxsize - 1); + } else { + time_t t = (time_t) date; + tp = gmtime (&t); +diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c +--- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500 ++++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500 +@@ -752,7 +752,8 @@ _("%s login: "), hostn); } else { -+ loginprompt[sizeof (loginprompt) - 1] = '\0'; strncpy (loginprompt, _("login: "), - sizeof (loginprompt)); + sizeof (loginprompt) - 1); ++ loginprompt[sizeof (loginprompt) - 1] = '\0'; } retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt); -diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c ---- shadow-4.1.4.3.orig/src/usermod.c 2011-03-05 22:17:10.029191265 -0800 -+++ shadow-4.1.4.3/src/usermod.c 2011-03-05 22:18:42.665576968 -0800 -@@ -182,7 +182,8 @@ - struct tm *tp; - - if ((negativ != NULL) && (date < 0)) { -- strncpy (buf, negativ, maxsize); -+ buf[maxsize - 1] = '\0'; -+ strncpy (buf, negativ, maxsize - 1); - } else { - time_t t = (time_t) date; - tp = gmtime (&t); diff --git a/core/shadow/shadow.install b/core/shadow/shadow.install index e990bfe39..14384c333 100644 --- a/core/shadow/shadow.install +++ b/core/shadow/shadow.install @@ -2,7 +2,7 @@ post_upgrade() { grpck -r >/dev/null 2>&1 if [ $? -eq 2 ]; then printf '%s\n' \ - "==> Warning: /etc/group or /etc/gshadow are inconsistant." \ + "==> Warning: /etc/group or /etc/gshadow are inconsistent." \ " Run 'grpck' to correct this." fi return 0 |