Diffstat (limited to '')
-rw-r--r--debian/changelog8
-rw-r--r--debian/patches/Relax-usernames-groupnames-checking.patch125
-rw-r--r--debian/patches/series1
-rw-r--r--debian/watch1
4 files changed, 135 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 9438205..7343c98 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+shadow (1:4.15.2-3) unstable; urgency=medium
+
+ * d/watch: add versionmangle for -rc
+ * Revert "Use upstream's restrictions on user- and group names again".
+ Breaks adduser's tests, see #1074306.
+
+ -- Chris Hofstaedtler <zeha@debian.org> Wed, 26 Jun 2024 12:40:34 +0200
+
shadow (1:4.15.2-2~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-backports, remaining changes:
diff --git a/debian/patches/Relax-usernames-groupnames-checking.patch b/debian/patches/Relax-usernames-groupnames-checking.patch
new file mode 100644
index 0000000..8e00d43
--- /dev/null
+++ b/debian/patches/Relax-usernames-groupnames-checking.patch
@@ -0,0 +1,125 @@
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Relax usernames/groupnames checking
+
+Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
+characters and don't start with '-', '+', or '~'. This patch is more
+restrictive than original Karl's version. closes: #264879
+Also closes: #377844
+
+Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
+
+I can't come up with a good justification as to why characters other
+than ':'s and '\0's should be disallowed in group and usernames (other
+than '-' as the leading character). Thus, the maintenance tools don't
+anymore. closes: #79682, #166798, #171179
+
+Status wrt upstream: Debian specific. Not to be used upstream
+
+Gbp-Topic: debian
+---
+ lib/chkname.c | 47 +++++++++++++++--------------------------------
+ man/groupadd.8.xml | 6 ++++++
+ man/useradd.8.xml | 8 ++++++++
+ 3 files changed, 29 insertions(+), 32 deletions(-)
+
+diff --git a/lib/chkname.c b/lib/chkname.c
+index 995562f..d9678c6 100644
+--- a/lib/chkname.c
++++ b/lib/chkname.c
+@@ -54,44 +54,27 @@ static bool is_valid_name (const char *name)
+ }
+
+ /*
+- * User/group names must match BRE regex:
+- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?
+- *
+- * as a non-POSIX, extension, allow "$" as the last char for
+- * sake of Samba 3.x "add machine script"
+- *
+- * Also do not allow fully numeric names or just "." or "..".
+- */
+- int numeric;
+-
+- if ('\0' == *name ||
+- ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
+- '\0' == name[1])) ||
+- !((*name >= 'a' && *name <= 'z') ||
+- (*name >= 'A' && *name <= 'Z') ||
+- (*name >= '0' && *name <= '9') ||
+- *name == '_' ||
+- *name == '.')) {
++ * POSIX indicate that usernames are composed of characters from the
++ * portable filename character set [A-Za-z0-9._-], and that the hyphen
++ * should not be used as the first character of a portable user name.
++ *
++ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
++ */
++ if ( ('\0' == *name)
++ || ('-' == *name)
++ || ('~' == *name)
++ || ('+' == *name)) {
+ return false;
+ }
+
+- numeric = isdigit(*name);
+-
+- while ('\0' != *++name) {
+- if (!((*name >= 'a' && *name <= 'z') ||
+- (*name >= 'A' && *name <= 'Z') ||
+- (*name >= '0' && *name <= '9') ||
+- *name == '_' ||
+- *name == '.' ||
+- *name == '-' ||
+- (*name == '$' && name[1] == '\0')
+- )) {
++ do {
++ if ((':' == *name) || (',' == *name) || isspace(*name)) {
+ return false;
+ }
+- numeric &= isdigit(*name);
+- }
++ name++;
++ } while ('\0' != *name);
+
+- return !numeric;
++ return true;
+ }
+
+
+diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
+index 61a548f..d472bd0 100644
+--- a/man/groupadd.8.xml
++++ b/man/groupadd.8.xml
+@@ -71,6 +71,12 @@
+ Fully numeric groupnames and groupnames . or .. are
+ also disallowed.
+ </para>
++ <para>
++ On Debian, the only constraints are that groupnames must neither start
++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++ colon (':'), a comma (','), or a whitespace (space:' ',
++ end of line: '\n', tabulation: '\t', etc.).
++ </para>
+ <para>
+ Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+ </para>
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 17987a6..c98b214 100644
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -735,6 +735,14 @@
+ <para>
+ Usernames may only be up to 256 characters long.
+ </para>
++ <para>
++ On Debian, the only constraints are that usernames must neither start
++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++ colon (':'), a comma (','), or a whitespace (space: ' ',
++ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
++ ('/') may break the default algorithm for the definition of the
++ user's home directory.
++ </para>
+ </refsect1>
+
+ <refsect1 id='configuration'>
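Review bot: In the new `do … while` loop of `is_valid_name` in lib/chkname.c, `isspace(*name)` is called on a plain `char`, which is undefined behaviour for negative values where `char` is signed. The removed code reached `isdigit()` only after its ASCII range checks, but the relaxed rule lets bytes above 0x7f reach the call unless a check above the hunk filters them, so the line should read `if ((':' == *name) || (',' == *name) || isspace((unsigned char)*name)) {`. The relaxed rule also stops rejecting `.`, `..`, fully numeric names and non-whitespace control characters, all of which the removed lines refused, while the added man page text warns only about `/`. These names are written to the account databases and are presumably also used as path components, or by tools that accept either a name or a numeric ID, so I would extend the new comment to say so, e.g. `* NOTE: ".", "..", all-digit names, '/' and control characters are accepted here; callers must not use a name as a path component or numeric ID unchecked.` The function starts above the hunk, so earlier checks in it are not visible here.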
diff --git a/debian/patches/series b/debian/patches/series
index d49a36d..1c65c20 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,4 +5,5 @@ Set-group-and-mode-for-g-shadow-files.patch
Keep-using-Debian-adduser-defaults.patch
Document-the-shadowconfig-utility.patch
Recommend-using-adduser-and-deluser.patch
+Relax-usernames-groupnames-checking.patch
progress-linux/0001-login-prompt.patch
diff --git a/debian/watch b/debian/watch
index e71adb7..f34a05d 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,6 +1,7 @@
version=4
opts=downloadurlmangle=s/archive\/refs\/tags\/(.*)\.tar\.gz/releases\/download\/$1\/@PACKAGE@-$1\.tar\.xz/,\
pgpsigurlmangle=s/$/.asc/,\
+ versionmangle=s/-(alpha|beta|rc)/~$1/,\
dversionmangle=s/\+dfsg1//,repacksuffix=+dfsg1 \
https://github.com/shadow-maint/@PACKAGE@/tags \
/shadow-maint/@PACKAGE@/archive/refs/tags/([^v].*)\.tar\.gz