diff options
Diffstat (limited to 'debian/patches')
18 files changed, 383 insertions, 842 deletions
diff --git a/debian/patches/0001-gpasswd-1-Fix-password-leak.patch b/debian/patches/0001-gpasswd-1-Fix-password-leak.patch deleted file mode 100644 index 1596b2d..0000000 --- a/debian/patches/0001-gpasswd-1-Fix-password-leak.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001 -From: Alejandro Colomar <alx@kernel.org> -Date: Sat, 10 Jun 2023 16:20:05 +0200 -Subject: [PATCH] gpasswd(1): Fix password leak - -How to trigger this password leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -When gpasswd(1) asks for the new password, it asks twice (as is usual -for confirming the new password). Each of those 2 password prompts -uses agetpass() to get the password. If the second agetpass() fails, -the first password, which has been copied into the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. - -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and -can fail for any of the following reasons: - -- malloc(3) or readpassphrase(3) failure. - - These are going to be difficult to trigger. Maybe getting the system - to the limits of memory utilization at that exact point, so that the - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. - About readpassphrase(3), ENFILE and EINTR seem the only plausible - ones, and EINTR probably requires privilege or being the same user; - but I wouldn't discard ENFILE so easily, if a process starts opening - files. - -- The password is longer than PASS_MAX. - - The is plausible with physical access. However, at that point, a - keylogger will be a much simpler attack. - -And, the attacker must be able to know when the second password is being -introduced, which is not going to be easy. - -How to read the password after the leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Provoking the leak yourself at the right point by entering a very long -password is easy, and inspecting the process stack at that point should -be doable. Try to find some consistent patterns. - -Then, search for those patterns in free memory, right after the victim -leaks their password. - -Once you get the leak, a program should read all the free memory -searching for patterns that gpasswd(1) leaves nearby the leaked -password. - -On 6/10/23 03:14, Seth Arnold wrote: -> An attacker process wouldn't be able to use malloc(3) for this task. -> There's a handful of tools available for userspace to allocate memory: -> -> - brk / sbrk -> - mmap MAP_ANONYMOUS -> - mmap /dev/zero -> - mmap some other file -> - shm_open -> - shmget -> -> Most of these return only pages of zeros to a process. Using mmap of an -> existing file, you can get some of the contents of the file demand-loaded -> into the memory space on the first use. -> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. -> -> malloc(3) doesn't zero memory, to our collective frustration, but all the -> garbage in the allocations is from previous allocations in the current -> process. It isn't leftover from other processes. -> -> The avenues available for reading the memory: -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) -> - ptrace (requires ptrace privileges, mediated by YAMA) -> - causing memory to be swapped to disk, and then inspecting the swap -> -> These all require a certain amount of privileges. - -How to fix it? -~~~~~~~~~~~~~~ - -memzero(), which internally calls explicit_bzero(3), or whatever -alternative the system provides with a slightly different name, will -make sure that the buffer is zeroed in memory, and optimizations are not -allowed to impede this zeroing. - -This is not really 100% effective, since compilers may place copies of -the string somewhere hidden in the stack. Those copies won't get zeroed -by explicit_bzero(3). However, that's arguably a compiler bug, since -compilers should make everything possible to avoid optimizing strings -that are later passed to explicit_bzero(3). But we all know that -sometimes it's impossible to have perfect knowledge in the compiler, so -this is plausible. Nevertheless, there's nothing we can do against such -issues, except minimizing the time such passwords are stored in plain -text. - -Security concerns -~~~~~~~~~~~~~~~~~ - -We believe this isn't easy to exploit. Nevertheless, and since the fix -is trivial, this fix should probably be applied soon, and backported to -all supported distributions, to prevent someone else having more -imagination than us to find a way. - -Affected versions -~~~~~~~~~~~~~~~~~ - -All. Bug introduced in shadow 19990709. That's the second commit in -the git history. - -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") -Reported-by: Alejandro Colomar <alx@kernel.org> -Cc: Serge Hallyn <serge@hallyn.com> -Cc: Iker Pedrosa <ipedrosa@redhat.com> -Cc: Seth Arnold <seth.arnold@canonical.com> -Cc: Christian Brauner <christian@brauner.io> -Cc: Balint Reczey <rbalint@debian.org> -Cc: Sam James <sam@gentoo.org> -Cc: David Runge <dvzrv@archlinux.org> -Cc: Andreas Jaeger <aj@suse.de> -Cc: <~hallyn/shadow@lists.sr.ht> -Signed-off-by: Alejandro Colomar <alx@kernel.org> ---- - src/gpasswd.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/gpasswd.c -+++ b/src/gpasswd.c -@@ -896,6 +896,7 @@ - strzero (cp); - cp = getpass (_("Re-enter new password: ")); - if (NULL == cp) { -+ memzero (pass, sizeof pass); - exit (1); - } - diff --git a/debian/patches/0002-Added-control-character-check.patch b/debian/patches/0002-Added-control-character-check.patch deleted file mode 100644 index 29adce1..0000000 --- a/debian/patches/0002-Added-control-character-check.patch +++ /dev/null @@ -1,45 +0,0 @@ -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> -Date: Thu, 23 Mar 2023 23:39:38 +0000 -Subject: [PATCH] Added control character check - -Added control character check, returning -1 (to "err") if control characters are present. ---- - lib/fields.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -21,9 +21,9 @@ - * - * The supplied field is scanned for non-printable and other illegal - * characters. -- * + -1 is returned if an illegal character is present. -- * + 1 is returned if no illegal characters are present, but the field -- * contains a non-printable character. -+ * + -1 is returned if an illegal or control character is present. -+ * + 1 is returned if no illegal or control characters are present, -+ * but the field contains a non-printable character. - * + 0 is returned otherwise. - */ - int valid_field (const char *field, const char *illegal) -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) - } - - if (0 == err) { -- /* Search if there are some non-printable characters */ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { - if (!isprint (*cp)) { - err = 1; -+ } -+ if (!iscntrl (*cp)) { -+ err = -1; - break; - } - } --- -2.34.1 - diff --git a/debian/patches/0003-Overhaul-valid_field.patch b/debian/patches/0003-Overhaul-valid_field.patch deleted file mode 100644 index b7a8428..0000000 --- a/debian/patches/0003-Overhaul-valid_field.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> -Date: Fri, 31 Mar 2023 14:46:50 +0200 -Subject: [PATCH] Overhaul valid_field() - -e5905c4b ("Added control character check") introduced checking for -control characters but had the logic inverted, so it rejects all -characters that are not control ones. - -Cast the character to `unsigned char` before passing to the character -checking functions to avoid UB. - -Use strpbrk(3) for the illegal character test and return early. ---- - lib/fields.c | 24 ++++++++++-------------- - 1 file changed, 10 insertions(+), 14 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) - - /* For each character of field, search if it appears in the list - * of illegal characters. */ -+ if (illegal && NULL != strpbrk (field, illegal)) { -+ return -1; -+ } -+ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { -- if (strchr (illegal, *cp) != NULL) { -+ unsigned char c = *cp; -+ if (!isprint (c)) { -+ err = 1; -+ } -+ if (iscntrl (c)) { - err = -1; - break; - } - } - -- if (0 == err) { -- /* Search if there are non-printable or control characters */ -- for (cp = field; '\0' != *cp; cp++) { -- if (!isprint (*cp)) { -- err = 1; -- } -- if (!iscntrl (*cp)) { -- err = -1; -- break; -- } -- } -- } -- - return err; - } - --- -2.34.1 - diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP deleted file mode 100644 index 0946ca0..0000000 --- a/debian/patches/008_login_log_failure_in_FTMP +++ /dev/null @@ -1,51 +0,0 @@ -Goal: Log login failures to the btmp file - -Notes: - * I'm not sure login should add an entry in the FTMP file when PAM is used. - (but nothing in /etc/login.defs indicates that the failure is not logged) - ---- a/src/login.c -+++ b/src/login.c -@@ -827,6 +827,24 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if (getdef_str("FTMP_FILE") != NULL) { -+#ifdef USE_UTMPX -+ struct utmpx *failent = -+ prepare_utmpx (failent_user, -+ tty, -+ /* FIXME: or fromhost? */hostname, -+ utent); -+#else /* !USE_UTMPX */ -+ struct utmp *failent = -+ prepare_utmp (failent_user, -+ tty, -+ hostname, -+ utent); -+#endif /* !USE_UTMPX */ -+ failtmp (failent_user, failent); -+ free (failent); -+ } -+ - if (failcount >= retries) { - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -38,7 +38,6 @@ - {"ENVIRON_FILE", NULL}, \ - {"ENV_TZ", NULL}, \ - {"FAILLOG_ENAB", NULL}, \ -- {"FTMP_FILE", NULL}, \ - {"HMAC_CRYPTO_ALGO", NULL}, \ - {"ISSUE_FILE", NULL}, \ - {"LASTLOG_ENAB", NULL}, \ -@@ -80,6 +79,7 @@ - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, - {"FAKE_SHELL", NULL}, -+ {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, - {"GID_MIN", NULL}, - {"HOME_MODE", NULL}, diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB deleted file mode 100644 index d8e6034..0000000 --- a/debian/patches/429_login_FAILLOG_ENAB +++ /dev/null @@ -1,84 +0,0 @@ -Goal: Re-enable logging and displaying failures on login when login is - compiled with PAM and when FAILLOG_ENAB is set to yes. And create the - faillog file if it does not exist on postinst (as on Woody). -Depends: 008_login_more_LOG_UNKFAIL_ENAB -Fixes: #192849 - -Note: It could be removed if pam_tally could report the number of failures - preceding a successful login. - ---- a/src/login.c -+++ b/src/login.c -@@ -114,9 +114,9 @@ - #endif - ); - --#ifndef USE_PAM - static struct faillog faillog; - -+#ifndef USE_PAM - static void bad_time_notify (void); - static void check_nologin (bool login_to_root); - #else -@@ -787,6 +787,9 @@ - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", - failcount, fromhost, failent_user)); -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } - fprintf (stderr, - _("Maximum number of tries exceeded (%u)\n"), - failcount); -@@ -804,6 +807,14 @@ - pam_strerror (pamh, retcode))); - failed = true; - } -+ if ( (NULL != pwd) -+ && getdef_bool("FAILLOG_ENAB") -+ && ! failcheck (pwd->pw_uid, &faillog, failed)) { -+ SYSLOG((LOG_CRIT, -+ "exceeded failure limit for `%s' %s", -+ failent_user, fromhost)); -+ failed = 1; -+ } - - if (!failed) { - break; -@@ -827,6 +838,10 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } -+ - if (getdef_str("FTMP_FILE") != NULL) { - #ifdef USE_UTMPX - struct utmpx *failent = -@@ -1295,6 +1310,7 @@ - */ - #ifndef USE_PAM - motd (); /* print the message of the day */ -+#endif - if ( getdef_bool ("FAILLOG_ENAB") - && (0 != faillog.fail_cnt)) { - failprint (&faillog); -@@ -1307,6 +1323,7 @@ - username, (int) faillog.fail_cnt)); - } - } -+#ifndef USE_PAM - if ( getdef_bool ("LASTLOG_ENAB") - && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL) - && (ll.ll_time != 0)) { ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -78,6 +78,7 @@ - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, -+ {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, diff --git a/debian/patches/900_testsuite_groupmems b/debian/patches/900_testsuite_groupmems deleted file mode 100644 index 6bdc497..0000000 --- a/debian/patches/900_testsuite_groupmems +++ /dev/null @@ -1,81 +0,0 @@ ---- a/debian/passwd.install -+++ b/debian/passwd.install -@@ -9,6 +9,7 @@ - usr/sbin/cppw - usr/sbin/groupadd - usr/sbin/groupdel -+usr/sbin/groupmems - usr/sbin/groupmod - usr/sbin/grpck - usr/sbin/grpconv -@@ -33,6 +34,7 @@ - usr/share/man/*/man8/chpasswd.8 - usr/share/man/*/man8/groupadd.8 - usr/share/man/*/man8/groupdel.8 -+usr/share/man/*/man8/groupmems.8 - usr/share/man/*/man8/groupmod.8 - usr/share/man/*/man8/grpck.8 - usr/share/man/*/man8/grpconv.8 -@@ -59,6 +61,7 @@ - usr/share/man/man8/chpasswd.8 - usr/share/man/man8/groupadd.8 - usr/share/man/man8/groupdel.8 -+usr/share/man/man8/groupmems.8 - usr/share/man/man8/groupmod.8 - usr/share/man/man8/grpck.8 - usr/share/man/man8/grpconv.8 ---- a/debian/passwd.postinst -+++ b/debian/passwd.postinst -@@ -31,6 +31,24 @@ - exit 1 - ) - fi -+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99' -+ then -+ groupadd -g 99 groupmems || ( -+ cat <<EOF -+************************ TESTSUITE ***************************** -+Group ID 99 has been allocated for the groupmems group. You have either -+used 99 yourself or created a groupmems group with a different ID. -+Please correct this problem and reconfigure with ``dpkg --configure passwd''. -+ -+Note that both user and group IDs in the range 0-99 are globally -+allocated by the Debian project and must be the same on every Debian -+system. -+EOF -+ exit 1 -+ ) -+# FIXME -+ chgrp groupmems /usr/sbin/groupmems -+ fi - ;; - esac - ---- a/debian/rules -+++ b/debian/rules -@@ -60,6 +60,7 @@ - dh_installpam -p passwd --name=chsh - dh_installpam -p passwd --name=chpasswd - dh_installpam -p passwd --name=newusers -+ dh_installpam -p passwd --name=groupmems - ifeq ($(DEB_HOST_ARCH_OS),hurd) - # login is not built on The Hurd, but some utilities of passwd depends on - # /etc/login.defs. -@@ -87,3 +88,6 @@ - chgrp shadow debian/passwd/usr/bin/expiry - chmod g+s debian/passwd/usr/bin/chage - chmod g+s debian/passwd/usr/bin/expiry -+ chgrp groupmems debian/passwd/usr/sbin/groupmems -+ chmod u+s debian/passwd/usr/sbin/groupmems -+ chmod o-x debian/passwd/usr/sbin/groupmems ---- /dev/null -+++ b/debian/passwd.groupmems.pam -@@ -0,0 +1,8 @@ -+# The PAM configuration file for the Shadow 'groupmod' service -+# -+ -+# This allows root to modify groups without being prompted for a password -+auth sufficient pam_rootok.so -+ -+@include common-auth -+@include common-account diff --git a/debian/patches/901_testsuite_gcov b/debian/patches/901_testsuite_gcov deleted file mode 100644 index 717ccca..0000000 --- a/debian/patches/901_testsuite_gcov +++ /dev/null @@ -1,76 +0,0 @@ ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -1,6 +1,8 @@ - - AUTOMAKE_OPTIONS = 1.0 foreign - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - DEFS = - - noinst_LTLIBRARIES = libshadow.la ---- a/libmisc/Makefile.am -+++ b/libmisc/Makefile.am -@@ -1,6 +1,8 @@ - - EXTRA_DIST = .indent.pro xgetXXbyYY.c - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - INCLUDES = -I$(top_srcdir)/lib - - noinst_LIBRARIES = libmisc.a ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -7,6 +7,8 @@ - suidperms = 4755 - sgidperms = 2755 - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - INCLUDES = \ - -I${top_srcdir}/lib \ - -I$(top_srcdir)/libmisc ---- a/debian/rules -+++ b/debian/rules -@@ -40,6 +40,12 @@ - endif - export CFLAGS - -+clean:: clean_gcov -+ -+clean_gcov: -+ find . -name "*.gcda" -delete -+ find . -name "*.gcno" -delete -+ - # Add extras to the install process: - binary-install/login:: - dh_installpam -p login ---- a/lib/defines.h -+++ b/lib/defines.h -@@ -174,23 +174,9 @@ - trust the formatted time received from the unix domain (or worse, - UDP) socket. -MM */ - /* Avoid translated PAM error messages: Set LC_ALL to "C". -+ * This is disabled for coverage testing - * --Nekral */ --#define SYSLOG(x) \ -- do { \ -- char *old_locale = setlocale (LC_ALL, NULL); \ -- char *saved_locale = NULL; \ -- if (NULL != old_locale) { \ -- saved_locale = strdup (old_locale); \ -- } \ -- if (NULL != saved_locale) { \ -- (void) setlocale (LC_ALL, "C"); \ -- } \ -- syslog x ; \ -- if (NULL != saved_locale) { \ -- (void) setlocale (LC_ALL, saved_locale); \ -- free (saved_locale); \ -- } \ -- } while (false) -+#define SYSLOG(x) syslog x - #else /* !ENABLE_NLS */ - #define SYSLOG(x) syslog x - #endif /* !ENABLE_NLS */ diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/Document-the-shadowconfig-utility.patch index 0f0d339..a00afb2 100644 --- a/debian/patches/503_shadowconfig.8 +++ b/debian/patches/Document-the-shadowconfig-utility.patch @@ -1,12 +1,125 @@ -Goal: Document the shadowconfig utility +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Document the shadowconfig utility Status wrt upstream: The shadowconfig utility is debian specific. - Its man page also (but it used to be distributed) +Its man page also (but it used to be distributed) -Index: git/man/shadowconfig.8 -=================================================================== +Gbp-Topic: debian +--- + man/fr/shadowconfig.8 | 26 +++++++++++++++++++++++++ + man/ja/shadowconfig.8 | 25 ++++++++++++++++++++++++ + man/pl/shadowconfig.8 | 27 ++++++++++++++++++++++++++ + man/shadowconfig.8 | 41 +++++++++++++++++++++++++++++++++++++++ + man/shadowconfig.8.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 171 insertions(+) + create mode 100644 man/fr/shadowconfig.8 + create mode 100644 man/ja/shadowconfig.8 + create mode 100644 man/pl/shadowconfig.8 + create mode 100644 man/shadowconfig.8 + create mode 100644 man/shadowconfig.8.xml + +diff --git a/man/fr/shadowconfig.8 b/man/fr/shadowconfig.8 +new file mode 100644 +index 0000000..784da70 +--- /dev/null ++++ b/man/fr/shadowconfig.8 +@@ -0,0 +1,26 @@ ++.\" This file was generated with po4a. Translate the source file. ++.\" ++.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $ ++.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux" ++.SH NOM ++shadowconfig \- active ou désactive les mots de passe cachés ++.SH SYNOPSIS ++\fBshadowconfig\fP \fIon\fP | \fIoff\fP ++.SH DESCRIPTION ++.PP ++\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message ++d'erreur et quitte avec une valeur de retour non nulle s'il rencontre ++quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant ++de recommencer. ++ ++Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les ++désactiver lorsqu'ils ne sont pas actifs est sans effet. ++ ++Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux ++mots de passe cachés et à leurs fonctionnalités. ++ ++Notez que désactiver puis réactiver les mots de passe cachés aura pour ++conséquence la perte des informations d'âge sur les mots de passe. ++.SH TRADUCTION ++Nicolas FRANÇOIS, 2004. ++Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. +diff --git a/man/ja/shadowconfig.8 b/man/ja/shadowconfig.8 +new file mode 100644 +index 0000000..a75c6f7 +--- /dev/null ++++ b/man/ja/shadowconfig.8 +@@ -0,0 +1,25 @@ ++.\" all right reserved, ++.\" Translated Tue Oct 30 11:59:11 JST 2001 ++.\" by Maki KURODA <mkuroda@aisys-jp.com> ++.\" ++.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux" ++.SH 名前 ++shadowconfig \- shadow パスワードの設定をオン及びオフに切替える ++.SH 書式 ++.B "shadowconfig" ++.IR on " | " off ++.SH 説明 ++.PP ++.B shadowconfig on ++は shadow パスワードを有効にする。 ++.B shadowconfig off ++は shadow パスワードを無効にする。 ++.B shadowconfig ++は何らかの間違いがあると、エラーメッセージを表示し、 ++ゼロではない返り値を返す。 ++もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。 ++shadow パスワードの設定がすでにオンの場合にオンに設定したり、 ++すでにオフの場合にオフに設定しても、何の影響もない。 ++ ++.I /usr/share/doc/passwd/README.debian.gz ++には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 +diff --git a/man/pl/shadowconfig.8 b/man/pl/shadowconfig.8 +new file mode 100644 +index 0000000..2016c9f +--- /dev/null ++++ b/man/pl/shadowconfig.8 +@@ -0,0 +1,27 @@ ++.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ ++.\" {PTM/WK/1999-09-14} ++.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux" ++.SH NAZWA ++shadowconfig - przełącza ochronę haseł i grup przez pliki shadow ++.SH SKŁADNIA ++.B "shadowconfig" ++.IR on " | " off ++.SH OPIS ++.PP ++.B shadowconfig on ++włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow); ++.B shadowconfig off ++wyłącza dodatkowe pliki haseł i grup. ++.B shadowconfig ++wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli ++znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd ++.\" if it finds anything awry. ++i uruchomić program ponownie. ++ ++Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie, ++gdy jest wyłączona jest nieszkodliwe. ++ ++Przeczytaj ++.IR /usr/share/doc/passwd/README.debian.gz , ++gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych ++plików haseł przesłanianych (shadow passwords) i związanych tematów. +diff --git a/man/shadowconfig.8 b/man/shadowconfig.8 +new file mode 100644 +index 0000000..c0ee0af --- /dev/null -+++ git/man/shadowconfig.8 ++++ b/man/shadowconfig.8 @@ -0,0 +1,41 @@ +.\"Generated by db2man.xsl. Don't modify this, modify the source. +.de Sh \" Subsection @@ -49,10 +162,11 @@ Index: git/man/shadowconfig.8 +.PP +Note that turning shadow passwords off and on again will lose all password aging information\&. + -Index: git/man/shadowconfig.8.xml -=================================================================== +diff --git a/man/shadowconfig.8.xml b/man/shadowconfig.8.xml +new file mode 100644 +index 0000000..b4080ea --- /dev/null -+++ git/man/shadowconfig.8.xml ++++ b/man/shadowconfig.8.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" @@ -106,96 +220,3 @@ Index: git/man/shadowconfig.8.xml + </para> + </refsect1> +</refentry> -Index: git/man/fr/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/fr/shadowconfig.8 -@@ -0,0 +1,26 @@ -+.\" This file was generated with po4a. Translate the source file. -+.\" -+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $ -+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux" -+.SH NOM -+shadowconfig \- active ou désactive les mots de passe cachés -+.SH SYNOPSIS -+\fBshadowconfig\fP \fIon\fP | \fIoff\fP -+.SH DESCRIPTION -+.PP -+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message -+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre -+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant -+de recommencer. -+ -+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les -+désactiver lorsqu'ils ne sont pas actifs est sans effet. -+ -+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux -+mots de passe cachés et à leurs fonctionnalités. -+ -+Notez que désactiver puis réactiver les mots de passe cachés aura pour -+conséquence la perte des informations d'âge sur les mots de passe. -+.SH TRADUCTION -+Nicolas FRANÇOIS, 2004. -+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. -Index: git/man/ja/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/ja/shadowconfig.8 -@@ -0,0 +1,25 @@ -+.\" all right reserved, -+.\" Translated Tue Oct 30 11:59:11 JST 2001 -+.\" by Maki KURODA <mkuroda@aisys-jp.com> -+.\" -+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux" -+.SH 名前 -+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える -+.SH 書式 -+.B "shadowconfig" -+.IR on " | " off -+.SH 説明 -+.PP -+.B shadowconfig on -+は shadow パスワードを有効にする。 -+.B shadowconfig off -+は shadow パスワードを無効にする。 -+.B shadowconfig -+は何らかの間違いがあると、エラーメッセージを表示し、 -+ゼロではない返り値を返す。 -+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。 -+shadow パスワードの設定がすでにオンの場合にオンに設定したり、 -+すでにオフの場合にオフに設定しても、何の影響もない。 -+ -+.I /usr/share/doc/passwd/README.debian.gz -+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 -Index: git/man/pl/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/pl/shadowconfig.8 -@@ -0,0 +1,27 @@ -+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ -+.\" {PTM/WK/1999-09-14} -+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux" -+.SH NAZWA -+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow -+.SH SKŁADNIA -+.B "shadowconfig" -+.IR on " | " off -+.SH OPIS -+.PP -+.B shadowconfig on -+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow); -+.B shadowconfig off -+wyłącza dodatkowe pliki haseł i grup. -+.B shadowconfig -+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli -+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd -+.\" if it finds anything awry. -+i uruchomić program ponownie. -+ -+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie, -+gdy jest wyłączona jest nieszkodliwe. -+ -+Przeczytaj -+.IR /usr/share/doc/passwd/README.debian.gz , -+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych -+plików haseł przesłanianych (shadow passwords) i związanych tematów. diff --git a/debian/patches/502_debian_useradd_defaults b/debian/patches/Keep-using-Debian-adduser-defaults.patch index 6317ed6..51dfb88 100644 --- a/debian/patches/502_debian_useradd_defaults +++ b/debian/patches/Keep-using-Debian-adduser-defaults.patch @@ -1,41 +1,54 @@ From: Balint Reczey <balint@balintreczey.hu> -Description: Keep using Debian's adduser defaults - Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit - in 4.9 merged those values from upstream's default configuration file - which is not shipped in Debian. - This patch keeps the program's compiled in defaults in sync with the - configuration files shipped in Debian (debian/default/useradd). +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Keep using Debian's adduser defaults + Bug: https://github.com/shadow-maint/shadow/issues/501 Bug-Debian: https://bugs.debian.org/1004710 Forwarded: not-needed +Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit +in 4.9 merged those values from upstream's default configuration file +which is not shipped in Debian. +This patch keeps the program's compiled in defaults in sync with the +configuration files shipped in Debian (debian/default/useradd). + +Gbp-Topic: debian +--- + man/useradd.8.xml | 2 +- + src/useradd.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 001e7d1..4888100 100644 +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -248,7 +248,7 @@ + command line), useradd will set the primary group of the new + user to the value specified by the <option>GROUP</option> + variable in <filename>/etc/default/useradd</filename>, or +- 1000 by default. ++ 100 by default. + </para> + </listitem> + </varlistentry> +diff --git a/src/useradd.c b/src/useradd.c +index 347334a..ac43edd 100644 --- a/src/useradd.c +++ b/src/useradd.c -@@ -79,12 +79,12 @@ +@@ -91,14 +91,14 @@ static const char Prog[] = "useradd"; /* * These defaults are used if there is no defaults file. */ -static gid_t def_group = 1000; +static gid_t def_group = 100; + static const char *def_groups = ""; static const char *def_gname = "other"; static const char *def_home = "/home"; static const char *def_shell = "/bin/bash"; static const char *def_template = SKEL_DIR; + static const char *def_usrtemplate = USRSKELDIR; -static const char *def_create_mail_spool = "yes"; +static const char *def_create_mail_spool = "no"; static const char *def_log_init = "yes"; static long def_inactive = -1; -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index af02a23f..c7f95b47 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -248,7 +248,7 @@ - command line), useradd will set the primary group of the new - user to the value specified by the <option>GROUP</option> - variable in <filename>/etc/default/useradd</filename>, or -- 1000 by default. -+ 100 by default. - </para> - </listitem> - </varlistentry> diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch index ab32c2a..66f5063 100644 --- a/debian/patches/463_login_delay_obeys_to_PAM +++ b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch @@ -1,5 +1,6 @@ -Goal: Do not hardcode pam_fail_delay and let pam_unix do its - job to set a delay...or not +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Let pam_unix handle login failure delays Fixes: #87648 @@ -7,25 +8,45 @@ Status wrt upstream: Forwarded but not applied yet Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs +Gbp-Topic: debian +--- + lib/getdef.c | 1 - + src/login.c | 19 +++++-------------- + 2 files changed, 5 insertions(+), 15 deletions(-) + +diff --git a/lib/getdef.c b/lib/getdef.c +index 30f54ba..21307bb 100644 +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -84,7 +84,6 @@ static struct itemdef def_table[] = { + {"ENV_PATH", NULL}, + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, +- {"FAIL_DELAY", NULL}, + {"FAKE_SHELL", NULL}, + {"GID_MAX", NULL}, + {"GID_MIN", NULL}, +diff --git a/src/login.c b/src/login.c +index 9fed7b3..a5512d1 100644 --- a/src/login.c +++ b/src/login.c -@@ -512,7 +512,6 @@ - #if !defined(USE_PAM) - char ptime[80]; - #endif -- unsigned int delay; - unsigned int retries; - bool subroot = false; - #ifndef USE_PAM -@@ -537,6 +536,7 @@ - pid_t child; - char *pam_user = NULL; +@@ -490,7 +490,6 @@ int main (int argc, char **argv) + const char *tmptty; + const char *cp; + const char *tmp; +- unsigned int delay; + unsigned int retries; + unsigned int timeout; + struct passwd *pwd = NULL; +@@ -500,6 +499,7 @@ int main (int argc, char **argv) + char *pam_user = NULL; + pid_t child; #else -+ unsigned int delay; ++ unsigned int delay; + bool is_console; struct spwd *spwd = NULL; - #endif - /* -@@ -701,7 +701,6 @@ + # if defined(ENABLE_LASTLOG) +@@ -669,7 +669,6 @@ int main (int argc, char **argv) } environ = newenvp; /* make new environment active */ @@ -33,7 +54,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs retries = getdef_unum ("LOGIN_RETRIES", RETRIES); #ifdef USE_PAM -@@ -717,8 +716,7 @@ +@@ -685,8 +684,7 @@ int main (int argc, char **argv) /* * hostname & tty are either set to NULL or their correct values, @@ -43,7 +64,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs * * PAM_RHOST and PAM_TTY are used for authentication, only use * information coming from login or from the caller (e.g. no utmp) -@@ -727,10 +725,6 @@ +@@ -695,10 +693,6 @@ int main (int argc, char **argv) PAM_FAIL_CHECK; retcode = pam_set_item (pamh, PAM_TTY, tty); PAM_FAIL_CHECK; @@ -53,8 +74,8 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs -#endif /* if fflg, then the user has already been authenticated */ if (!fflg) { - unsigned int failcount = 0; -@@ -771,12 +765,6 @@ + char hostn[256]; +@@ -736,12 +730,6 @@ int main (int argc, char **argv) bool failed = false; failcount++; @@ -67,7 +88,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs retcode = pam_authenticate (pamh, 0); -@@ -1110,14 +1098,17 @@ +@@ -1032,14 +1020,17 @@ int main (int argc, char **argv) free (username); username = NULL; @@ -85,13 +106,3 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs (void) puts (_("Login incorrect")); ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -77,7 +77,6 @@ - {"ENV_PATH", NULL}, - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, -- {"FAIL_DELAY", NULL}, - {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, diff --git a/debian/patches/README.patches b/debian/patches/README.patches deleted file mode 100644 index a804fe3..0000000 --- a/debian/patches/README.patches +++ /dev/null @@ -1,22 +0,0 @@ -Small intro to the system for numbering the patches here... - --The 00xx-... patches are forwarded to upstream's git repository - --The 0xx_... series of patches are patches isolated from the latest - version of the shadow Debian package not using quilt in order to - separate upstream from Debian-specific stuff. - - NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES - --The 4xx series are patches which have been applied to Debian's shadow - and have NOT been accepted and/or applied upstream. These patches MUST be kept - even after resynced with upstream - --The 5xx series are patches which are applied to Debian's shadow - and will never be proposed upstream because they're too specific - This list SHOULD BE AS SHORT AS POSSIBLE - -In short, while we are working towards synchronisation with upstream, -our goal is to make 0xx patches disappear by moving them either to 3xx -series (things already implemented upstream) or to 4xx series -(Debian-specific patches). diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/Recommend-using-adduser-and-deluser.patch index 9fb3fe3..79019a4 100644 --- a/debian/patches/505_useradd_recommend_adduser +++ b/debian/patches/Recommend-using-adduser-and-deluser.patch @@ -1,36 +1,48 @@ -Goal: Recommend using adduser and deluser. +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Recommend using adduser and deluser Fixes: #406046 Status wrt upstream: Debian specific patch. +Gbp-Topic: debian +--- + man/useradd.8.xml | 6 ++++++ + man/userdel.8.xml | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 4888100..17987a6 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml -@@ -83,6 +83,12 @@ +@@ -82,6 +82,12 @@ + <refsect1 id='description'> <title>DESCRIPTION</title> - <para> ++ <para> + <command>useradd</command> is a low level utility for adding + users. On Debian, administrators should usually use + <citerefentry><refentrytitle>adduser</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> instead. + </para> -+ <para> + <para> When invoked without the <option>-D</option> option, the <command>useradd</command> command creates a new user account using - the values specified on the command line plus the default values from +diff --git a/man/userdel.8.xml b/man/userdel.8.xml +index 5bd2981..384cc86 100644 --- a/man/userdel.8.xml +++ b/man/userdel.8.xml -@@ -59,6 +59,12 @@ +@@ -58,6 +58,12 @@ + <refsect1 id='description'> <title>DESCRIPTION</title> - <para> ++ <para> + <command>userdel</command> is a low level utility for removing + users. On Debian, administrators should usually use + <citerefentry><refentrytitle>deluser</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> instead. + </para> -+ <para> + <para> The <command>userdel</command> command modifies the system account files, deleting all entries that refer to the user name <emphasis - remap='I'>LOGIN</emphasis>. The named user must exist. diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/Relax-usernames-groupnames-checking.patch index 0e066d9..bb3c027 100644 --- a/debian/patches/506_relaxed_usernames +++ b/debian/patches/Relax-usernames-groupnames-checking.patch @@ -1,28 +1,38 @@ -Goal: Relaxed usernames/groupnames checking patch. +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Relax usernames/groupnames checking + +Allows any non-empty user/grounames that don't contain ':', ',' or '\n' +characters and don't start with '-', '+', or '~'. This patch is more +restrictive than original Karl's version. closes: #264879 +Also closes: #377844 + +Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): + +I can't come up with a good justification as to why characters other +than ':'s and '\0's should be disallowed in group and usernames (other +than '-' as the leading character). Thus, the maintenance tools don't +anymore. closes: #79682, #166798, #171179 Status wrt upstream: Debian specific. Not to be used upstream -Details: - Allows any non-empty user/grounames that don't contain ':', ',' or '\n' - characters and don't start with '-', '+', or '~'. This patch is more - restrictive than original Karl's version. closes: #264879 - Also closes: #377844 - - Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): - - I can't come up with a good justification as to why characters other - than ':'s and '\0's should be disallowed in group and usernames (other - than '-' as the leading character). Thus, the maintenance tools don't - anymore. closes: #79682, #166798, #171179 +Gbp-Topic: debian +--- + lib/chkname.c | 47 +++++++++++++++-------------------------------- + man/groupadd.8.xml | 6 ++++++ + man/useradd.8.xml | 7 ++++++- + 3 files changed, 27 insertions(+), 33 deletions(-) ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -32,44 +32,26 @@ +diff --git a/lib/chkname.c b/lib/chkname.c +index 995562f..d9678c6 100644 +--- a/lib/chkname.c ++++ b/lib/chkname.c +@@ -54,44 +54,27 @@ static bool is_valid_name (const char *name) } /* -- * User/group names must match gnu e-regex: -- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? +- * User/group names must match BRE regex: +- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\? - * - * as a non-POSIX, extension, allow "$" as the last char for - * sake of Samba 3.x "add machine script" @@ -51,7 +61,7 @@ Details: + || ('+' == *name)) { return false; } -- + - numeric = isdigit(*name); - - while ('\0' != *++name) { @@ -76,36 +86,39 @@ Details: + return true; } - bool is_valid_user_name (const char *name) + +diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml +index 61a548f..d472bd0 100644 +--- a/man/groupadd.8.xml ++++ b/man/groupadd.8.xml +@@ -71,6 +71,12 @@ + Fully numeric groupnames and groupnames . or .. are + also disallowed. + </para> ++ <para> ++ On Debian, the only constraints are that groupnames must neither start ++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a ++ colon (':'), a comma (','), or a whitespace (space:' ', ++ end of line: '\n', tabulation: '\t', etc.). ++ </para> + <para> + Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. + </para> +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 17987a6..4fc95d1 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml -@@ -708,6 +708,14 @@ +@@ -733,7 +733,12 @@ the <command>ls</command> output. </para> <para> +- Usernames may only be up to 256 characters long. + On Debian, the only constraints are that usernames must neither start + with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a + colon (':'), a comma (','), or a whitespace (space: ' ', + end of line: '\n', tabulation: '\t', etc.). Note that using a slash + ('/') may break the default algorithm for the definition of the + user's home directory. -+ </para> -+ <para> - Usernames may only be up to 32 characters long. </para> </refsect1> ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -72,6 +72,12 @@ - also disallowed. - </para> - <para> -+ On Debian, the only constraints are that groupnames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space:' ', -+ end of line: '\n', tabulation: '\t', etc.). -+ </para> -+ <para> - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - </para> - </refsect1> + diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch index cfdf10c..c5e21ac 100644 --- a/debian/patches/501_commonio_group_shadow +++ b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch @@ -1,7 +1,20 @@ -Goal: save the [g]shadow files with the 'shadow' group and mode 0440 +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Set group and mode for [g]shadow files + +Set group 'shadow' and mode 0400. Fixes: #166793 +Gbp-Topic: debian +--- + lib/commonio.c | 12 ++++++++++++ + lib/sgroupio.c | 2 +- + lib/shadowio.c | 2 +- + 3 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/lib/commonio.c b/lib/commonio.c +index 01a26c9..72e53b0 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -21,6 +21,7 @@ @@ -9,12 +22,12 @@ Fixes: #166793 #include <stdio.h> #include <signal.h> +#include <grp.h> - #include "nscd.h" - #include "sssd.h" - #ifdef WITH_TCB -@@ -970,12 +971,23 @@ + + #include "alloc.h" + #include "memzero.h" +@@ -956,12 +957,23 @@ int commonio_close (struct commonio_db *db) + if (errors != 0) goto fail; - } } else { + struct group *grp; /* @@ -35,10 +48,12 @@ Fixes: #166793 + } } - snprintf (buf, sizeof buf, "%s+", db->filename); + if (SNPRINTF(buf, "%s+", db->filename) == -1) +diff --git a/lib/sgroupio.c b/lib/sgroupio.c +index 0297df4..107b1e5 100644 --- a/lib/sgroupio.c +++ b/lib/sgroupio.c -@@ -206,7 +206,7 @@ +@@ -209,7 +209,7 @@ static struct commonio_db gshadow_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif @@ -47,9 +62,11 @@ Fixes: #166793 0, /* st_uid */ 0, /* st_gid */ NULL, /* head */ +diff --git a/lib/shadowio.c b/lib/shadowio.c +index d2c3b47..53dac0b 100644 --- a/lib/shadowio.c +++ b/lib/shadowio.c -@@ -84,7 +84,7 @@ +@@ -85,7 +85,7 @@ static struct commonio_db shadow_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif /* WITH_SELINUX */ diff --git a/debian/patches/402_cppw_selinux b/debian/patches/ccpw-add-selinux-support.patch index 5f2da1b..d64210f 100644 --- a/debian/patches/402_cppw_selinux +++ b/debian/patches/ccpw-add-selinux-support.patch @@ -1,18 +1,19 @@ -Goal: Add selinux support to cppw - -Fix: +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: ccpw: add selinux support Status wrt upstream: cppw is not available upstream. - The patch was made based on the - 302_vim_selinux_support patch. It needs to be - reviewed by an SE-Linux aware person. +Needs to be reviewed by an SE-Linux aware person. -Depends on 401_cppw_src.dpatch +Gbp-Topic: debian +--- + src/cppw.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) -Index: git/src/cppw.c -=================================================================== ---- git.orig/src/cppw.c -+++ git/src/cppw.c +diff --git a/src/cppw.c b/src/cppw.c +index beb4c36..2cbbbc0 100644 +--- a/src/cppw.c ++++ b/src/cppw.c @@ -34,6 +34,9 @@ #include <sys/types.h> #include <signal.h> @@ -23,7 +24,7 @@ Index: git/src/cppw.c #include "exitcodes.h" #include "prototypes.h" #include "pwio.h" -@@ -139,6 +142,22 @@ +@@ -139,6 +142,22 @@ static void cppwcopy (const char *file, if (access (file, F_OK) != 0) { cppwexit (file, 1, 1); } @@ -46,7 +47,7 @@ Index: git/src/cppw.c if (file_lock () == 0) { cppwexit (_("Couldn't lock file"), 0, 5); } -@@ -167,6 +186,15 @@ +@@ -167,6 +186,15 @@ static void cppwcopy (const char *file, cppwexit (NULL,0,1); } diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/cppw-Add-tool.patch index 5244702..a738898 100644 --- a/debian/patches/401_cppw_src.dpatch +++ b/debian/patches/cppw-Add-tool.patch @@ -1,10 +1,50 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Add cppw / cpgr +From: Nicolas FRANCOIS <nicolas.francois@centraliens.net> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: cppw: Add tool -@DPATCH@ +Gbp-Topic: debian +--- + po/POTFILES.in | 1 + + src/Makefile.am | 2 + + src/cppw.c | 238 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 241 insertions(+) + create mode 100644 src/cppw.c + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 9ff6100..a60c93e 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -86,6 +86,7 @@ src/chfn.c + src/chgpasswd.c + src/chpasswd.c + src/chsh.c ++src/cppw.c + src/expiry.c + src/faillog.c + src/gpasswd.c +diff --git a/src/Makefile.am b/src/Makefile.am +index b6cb09e..c86ba52 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -39,6 +39,7 @@ if WITH_SU + bin_PROGRAMS += su + endif + usbin_PROGRAMS = \ ++ cppw \ + chgpasswd \ + chpasswd \ + groupadd \ +@@ -104,6 +105,7 @@ newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -l + newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl + chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) + chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) ++cppw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) + chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl + expiry_LDADD = $(LDADD) $(LIBECONF) +diff --git a/src/cppw.c b/src/cppw.c +new file mode 100644 +index 0000000..beb4c36 --- /dev/null +++ b/src/cppw.c @@ -0,0 +1,238 @@ @@ -246,31 +286,3 @@ + return 0; +} + ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -34,6 +34,7 @@ - bin_PROGRAMS += su - endif - usbin_PROGRAMS = \ -+ cppw \ - chgpasswd \ - chpasswd \ - groupadd \ -@@ -102,6 +103,7 @@ - chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -+cppw_LDADD = $(LDADD) $(LIBSELINUX) $(LIBAUDIT) - expiry_LDADD = $(LDADD) $(LIBECONF) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) - groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -91,6 +91,7 @@ - src/chgpasswd.c - src/chpasswd.c - src/chsh.c -+src/cppw.c - src/expiry.c - src/faillog.c - src/gpasswd.c diff --git a/debian/patches/series b/debian/patches/series index ba058e0..d4bee87 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,23 +1,9 @@ -# CVE-2023-4641 -0001-gpasswd-1-Fix-password-leak.patch - -# CVE-2023-29383 -0002-Added-control-character-check.patch -0003-Overhaul-valid_field.patch - -# These patches are only for the testsuite: -#900_testsuite_groupmems -#901_testsuite_gcov - -008_login_log_failure_in_FTMP -401_cppw_src.dpatch -# 402 should be merged in 401, but should be reviewed by SE Linux experts first -402_cppw_selinux -429_login_FAILLOG_ENAB -463_login_delay_obeys_to_PAM -501_commonio_group_shadow -502_debian_useradd_defaults -503_shadowconfig.8 -505_useradd_recommend_adduser -506_relaxed_usernames -542_useradd-O_option +cppw-Add-tool.patch +ccpw-add-selinux-support.patch +Let-pam_unix-handle-login-failure-delays.patch +Set-group-and-mode-for-g-shadow-files.patch +Keep-using-Debian-adduser-defaults.patch +Document-the-shadowconfig-utility.patch +Recommend-using-adduser-and-deluser.patch +Relax-usernames-groupnames-checking.patch +useradd-accept-the-O-flag-for-backward-compatibility.patch diff --git a/debian/patches/542_useradd-O_option b/debian/patches/useradd-accept-the-O-flag-for-backward-compatibility.patch index 3745826..74b41c8 100644 --- a/debian/patches/542_useradd-O_option +++ b/debian/patches/useradd-accept-the-O-flag-for-backward-compatibility.patch @@ -1,13 +1,23 @@ -Goal: accepts the -O flag for backward compatibility. (was used by adduser?) +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: useradd: accept the -O flag for backward compatibility Note: useradd.8 needs to be regenerated. -Status wrt upstream: not included as this is just specific +Status wrt upstream: not included as this is just specific backward compatibility for Debian +Gbp-Topic: debian +--- + man/useradd.8.xml | 5 +++++ + src/useradd.c | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 4fc95d1..c513e56 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml -@@ -326,6 +326,11 @@ +@@ -333,6 +333,11 @@ =<replaceable>100</replaceable> <option>-K</option> <replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable> </para> @@ -19,9 +29,11 @@ Status wrt upstream: not included as this is just specific <!--para> Note: <option>-K</option> <replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable> doesn't work yet. +diff --git a/src/useradd.c b/src/useradd.c +index ac43edd..1cf3349 100644 --- a/src/useradd.c +++ b/src/useradd.c -@@ -1227,7 +1227,7 @@ +@@ -1215,7 +1215,7 @@ static void process_flags (int argc, char **argv) {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, @@ -30,7 +42,7 @@ Status wrt upstream: not included as this is just specific #ifdef WITH_SELINUX "Z:" #endif /* WITH_SELINUX */ -@@ -1367,6 +1367,7 @@ +@@ -1355,6 +1355,7 @@ static void process_flags (int argc, char **argv) kflg = true; break; case 'K': |