From 37112ff6dd482edb8af60f110971e4c91d035f30 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 26 Jun 2024 18:18:38 +0200 Subject: Adding debian version 1:4.15.2-1. 
Signed-off-by: Daniel Baumann --- debian/changelog | 41 + debian/control | 14 +- debian/copyright | 26 +- debian/login.defs | 74 +- debian/not-installed | 3 - .../patches/0001-gpasswd-1-Fix-password-leak.patch | 137 -- .../0002-Added-control-character-check.patch | 45 - debian/patches/0003-Overhaul-valid_field.patch | 61 - debian/patches/008_login_log_failure_in_FTMP | 51 - debian/patches/401_cppw_src.dpatch | 276 --- debian/patches/402_cppw_selinux | 64 - debian/patches/429_login_FAILLOG_ENAB | 84 - debian/patches/463_login_delay_obeys_to_PAM | 97 - debian/patches/501_commonio_group_shadow | 60 - debian/patches/502_debian_useradd_defaults | 41 - debian/patches/503_shadowconfig.8 | 201 -- debian/patches/505_useradd_recommend_adduser | 36 - debian/patches/506_relaxed_usernames | 111 -- debian/patches/542_useradd-O_option | 40 - debian/patches/900_testsuite_groupmems | 81 - debian/patches/901_testsuite_gcov | 76 - .../Document-the-shadowconfig-utility.patch | 222 +++ .../Keep-using-Debian-adduser-defaults.patch | 54 + .../Let-pam_unix-handle-login-failure-delays.patch | 108 + debian/patches/README.patches | 22 - .../Recommend-using-adduser-and-deluser.patch | 48 + .../Relax-usernames-groupnames-checking.patch | 124 ++ .../Set-group-and-mode-for-g-shadow-files.patch | 77 + debian/patches/ccpw-add-selinux-support.patch | 65 + debian/patches/cppw-Add-tool.patch | 288 +++ debian/patches/series | 32 +- ...ept-the-O-flag-for-backward-compatibility.patch | 52 + debian/rules | 16 +- debian/upstream/signing-key.asc | 2063 +++++++++++++++++++- 34 files changed, 3100 insertions(+), 1690 deletions(-) delete mode 100644 debian/patches/0001-gpasswd-1-Fix-password-leak.patch delete mode 100644 debian/patches/0002-Added-control-character-check.patch delete mode 100644 debian/patches/0003-Overhaul-valid_field.patch delete mode 100644 debian/patches/008_login_log_failure_in_FTMP delete mode 100644 debian/patches/401_cppw_src.dpatch delete mode 100644 debian/patches/402_cppw_selinux 
delete mode 100644 debian/patches/429_login_FAILLOG_ENAB delete mode 100644 debian/patches/463_login_delay_obeys_to_PAM delete mode 100644 debian/patches/501_commonio_group_shadow delete mode 100644 debian/patches/502_debian_useradd_defaults delete mode 100644 debian/patches/503_shadowconfig.8 delete mode 100644 debian/patches/505_useradd_recommend_adduser delete mode 100644 debian/patches/506_relaxed_usernames delete mode 100644 debian/patches/542_useradd-O_option delete mode 100644 debian/patches/900_testsuite_groupmems delete mode 100644 debian/patches/901_testsuite_gcov create mode 100644 debian/patches/Document-the-shadowconfig-utility.patch create mode 100644 debian/patches/Keep-using-Debian-adduser-defaults.patch create mode 100644 debian/patches/Let-pam_unix-handle-login-failure-delays.patch delete mode 100644 debian/patches/README.patches create mode 100644 debian/patches/Recommend-using-adduser-and-deluser.patch create mode 100644 debian/patches/Relax-usernames-groupnames-checking.patch create mode 100644 debian/patches/Set-group-and-mode-for-g-shadow-files.patch create mode 100644 debian/patches/ccpw-add-selinux-support.patch create mode 100644 debian/patches/cppw-Add-tool.patch create mode 100644 debian/patches/useradd-accept-the-O-flag-for-backward-compatibility.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index fd8cf01..e337434 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,44 @@ +shadow (1:4.15.2-1) unstable; urgency=medium + + * New upstream version 4.15.2 + Includes fix for csrand_uniform(). + + -- Chris Hofstaedtler Sat, 22 Jun 2024 17:37:34 +0200 + +shadow (1:4.15.1-1) unstable; urgency=medium + + * New upstream version 4.15.1 + Closes: #832047, #812127, #1034312, #856902, #791806 + Closes: #1006216, #1006225, #1006208 + * contrib/atudel, non-DFSG-compliant was removed upstream + * Remove obsolete configure flag --without-libcrack + * Use functions from libbsd (Closes: #1032393) + * Build-Depend: libltdl-dev for LT_LIB_DLLOAD + (Closes: #1065350) + * Build-Depend: pkgconf + * Drop upstream applied patches + * Disable FTMP_FILE by default, drop login failure logging + * Rebase patch 401_cppw_src.dpatch + * Rename patch 402_cppw_selinux + * Use upstream FAILLOG_ENAB code, incompatible with PAM + (Closes: #776314) + * Rebase patch 463_login_delay_obeys_to_PAM + * Rebase patch 501_commonio_group_shadow + * Rebase patch 502_debian_useradd_defaults + * Rebase patch 506_relaxed_usernames + * Rebase patch 542_useradd-O_option + * Update upstream signing keys + * Tag build with dh-package-notes + * Turn off --enable-lastlog, drop lastlog from not-installed + * Explicitly enable logind on linux-any + * Update default ENCRYPT_METHOD (Closes: #1043236) + * login: switch from Essential to Protected: yes (Closes: #960638) + Moves Pre-Depends to Depends. + * Enable acl, xattr support (Closes: #745796) + * login.defs: remove PAM-unsupported crypt settings (Closes: #1055582) + + -- Chris Hofstaedtler Sat, 22 Jun 2024 16:08:41 +0200 + shadow (1:4.13+dfsg1-5) unstable; urgency=medium * Add myself to Uploaders, per discussion with Serge Hallyn diff --git a/debian/control b/debian/control index 96a1b42..e10fe36 100644 --- a/debian/control +++ b/debian/control 
@@ -8,18 +8,26 @@ Priority: required Build-Depends: bison, debhelper-compat (= 13), + dh-package-notes, dh-sequence-zz-debputy-rrr (>= 0.1.23~), docbook-xml , docbook-xsl , gettext, itstool , + libacl1-dev, + libattr1-dev, libaudit-dev [linux-any], + libbsd-dev, libcrypt-dev, + libltdl-dev, libpam0g-dev, libselinux1-dev [linux-any], libsemanage-dev [linux-any], + libsystemd-dev [linux-any], libxml2-utils , + pkgconf, quilt, + systemd-dev [linux-any], xsltproc Standards-Version: 4.6.1 Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master @@ -43,8 +51,8 @@ Description: change and administer password and group data Package: login Architecture: any Multi-Arch: foreign -Essential: yes -Pre-Depends: +Protected: yes +Depends: libpam-modules, libpam-runtime Breaks: @@ -54,7 +62,7 @@ Conflicts: Replaces: hurd (<< 20140206~) [hurd-any] Description: system login tools - This package provides some required infrastructure for logins and for + This package provides support for console-based logins and for changing effective user or group IDs, including: * login, the program that invokes a user shell on a virtual terminal; * nologin, a dummy shell for disabled user accounts; diff --git a/debian/copyright b/debian/copyright index 7b7ab2b..13c9b73 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,8 +1,6 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Shadow Source: https://github.com/shadow-maint/shadow -Note: atudel is licensed under BSD-4-Clause which is not DFSG compatible -Files-Excluded: contrib/atudel Files: * Copyright: 1989-1994, Julianne Frances Haugh @@ -85,10 +83,6 @@ Copyright: 1993, Michael Haardt 1993, Scorpio, www.linuxforum.net License: GPL-2+ -Files: contrib/udbachk.tgz -Copyright: 1999, Sami Kerola and Janne Riihijärvi -License: GPL-2+ - Files: man/hu/man5/* Copyright: 1993, Michael Haardt License: GPL-2+ 
@@ -97,18 +91,10 @@ Files: contrib/adduser2.sh Copyright: 1996, Petri Mattila, Prihateam Networks License: GPL-2+ -Files: contrib/pwdauth.c -Copyright: 1996, Marek Michalkiewicz -License: BSD-3-clause - Files: lib/subordinateio.h Copyright: 2012, Eric W. Biederman License: BSD-3-clause -Files: libmisc/date_to_str.c -Copyright: 2021, Alejandro Colomar -License: BSD-3-clause - Files: man/hu/man1/su.1 Copyright: 1999, Ragnar Hojland Espinosa License: BSD-3-clause @@ -139,16 +125,6 @@ Copyright: 1997, Guy Maor 2007 - 2013, Nicolas François License: GPL-2+ -Files: libmisc/getdate.y -Copyright: Steven M. Bellovin -License: public-domain - Originally written by Steven M. Bellovin while - at the University of North Carolina at Chapel Hill. Later tweaked by - a couple of people on Usenet. Completely overhauled by Rich $alz - and Jim Berets in August, 1990; - . - This code is in the public domain and has no copyright. - Files: man/ko/man5/* Copyright: 2000, ASPLINUX License: GPL-2+ @@ -167,7 +143,7 @@ Copyright: 1991-1993, Chip Rosenthal 2007-2009, Nicolas François License: BSD-3-clause -Files: debian/patches/401_cppw_src.dpatch +Files: debian/patches/cppw-Add-tool.patch Copyright: 1997, Guy Maor 1999, Stephen Frost License: GPL-2+ diff --git a/debian/login.defs b/debian/login.defs index 142e5b0..3a933b7 100644 --- a/debian/login.defs +++ b/debian/login.defs @@ -35,12 +35,6 @@ MAIL_DIR /var/mail #MAIL_FILE .mail -# -# Enable logging and display of /var/log/faillog login failure info. -# This option conflicts with the pam_tally PAM module. -# -FAILLOG_ENAB yes - # # Enable display of unknown usernames when login failures are recorded. # 
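Review bot: Deleting FAILLOG_ENAB leaves no trace in login.defs that login(1) has stopped maintaining /var/log/faillog; the deleted 429_login_FAILLOG_ENAB patch was what kept that working under PAM, and the changelog only says the upstream code is PAM-incompatible. Anyone still reading faillog(8) output for lockout state or in an investigation will now see stale counters with nothing in the file explaining why. I would leave a comment where the option used to be, e.g. `# FAILLOG_ENAB intentionally unset: with PAM, failed-login counting and lockout belong to the PAM stack (presumably pam_faillock); login(1) no longer updates /var/log/faillog.` The retained "Enable display of unknown usernames when login failures are recorded" text right below should also be checked, since the recording it refers to is what this hunk removes.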
@@ -72,12 +66,6 @@ SYSLOG_SG_ENAB yes # #TTYTYPE_FILE /etc/ttytype -# -# If defined, login failures will be logged here in a utmp format -# last, when invoked as lastb, will read /var/log/btmp, so... -# -FTMP_FILE /var/log/btmp - # # If defined, the command name to display when running "su -". For # example, if this is defined as "su" then a "ps" will display the @@ -128,32 +116,15 @@ TTYPERM 0600 # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# UMASK Default "umask" value. # # The ERASECHAR and KILLCHAR are used only on System V machines. # -# UMASK is the default umask value for pam_umask and is used by -# useradd and newusers to set the mode of the new home directories. -# 022 is the "historical" value in Debian for UMASK -# 027, or even 077, could be considered better for privacy -# There is no One True Answer here : each sysadmin must make up his/her -# mind. -# -# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value -# for private user groups, i. e. the uid is the same as gid, and username is -# the same as the primary group name: for these, the user permissions will be -# used as group permissions, e. g. 022 will become 002. -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# ERASECHAR 0177 KILLCHAR 025 -UMASK 022 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new # home directories. -# If HOME_MODE is not set, the value of UMASK is used to create the mode. -#HOME_MODE 0700 +HOME_MODE 0700 # # Password aging controls: 
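Review bot: Unsetting FTMP_FILE stops login(1) from appending failed attempts to /var/log/btmp, so lastb(1) goes quiet for console logins while the file itself (and its rotation) keeps existing, which is easy to misread as "no failures" during incident response. The changelog does say "drop login failure logging", but the login.defs diff gives an administrator no hint that failures are now visible only through whatever PAM logs to syslog. A one-line comment in place of the deleted block would make the trade-off explicit: `# FTMP_FILE intentionally unset: failed console logins are reported only via PAM/syslog; lastb(1) will no longer show them.`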
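Review bot: The removal of `UMASK 022` is not mentioned in the changelog, and the comment being deleted alongside it is the only place that said pam_umask and useradd/newusers read this key, so the fallback now in effect is not recorded anywhere in the file. If pam_umask is still in common-session with `usergroups` and no explicit `umask=`, its behaviour now depends on the module's built-in default rather than on a value auditable here, which is worth either keeping an explicit `UMASK 022` or noting it: `# UMASK deliberately not set: pam_umask(8) and useradd(8) fall back to their built-in defaults (verify against /etc/pam.d/common-session).` Setting `HOME_MODE 0700` is a good privacy default, but since the deleted comment said HOME_MODE fell back to UMASK when unset, dropping both in the same hunk without a note makes the interaction hard to review later.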
@@ -267,17 +238,6 @@ USERGROUPS_ENAB yes # #CONSOLE_GROUPS floppy:audio:cdrom -# -# If set to "yes", new passwords will be encrypted using the MD5-based -# algorithm compatible with the one used by recent releases of FreeBSD. -# It supports passwords of unlimited length and longer salt strings. -# Set to "no" if you need to copy encrypted passwords to other systems -# which don't understand the new algorithm. Default is "no". -# -# This variable is deprecated. You should use ENCRYPT_METHOD. -# -#MD5_CRYPT_ENAB no - # # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password 
@@ -291,37 +251,7 @@ USERGROUPS_ENAB yes # Note: It is recommended to use a value consistent with # the PAM modules configuration. # -ENCRYPT_METHOD SHA512 - -# -# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -# -# Define the number of SHA rounds. -# With a lot of rounds, it is more difficult to brute-force the password. -# However, more CPU resources will be needed to authenticate users if -# this value is increased. -# -# If not specified, the libc will choose the default number of rounds (5000), -# which is orders of magnitude too low for modern hardware. -# The values must be within the 1000-999999999 range. -# If only one of the MIN or MAX values is set, then this value will be used. -# If MIN > MAX, the highest value will be used. -# -#SHA_CRYPT_MIN_ROUNDS 5000 -#SHA_CRYPT_MAX_ROUNDS 5000 - -# -# Only works if ENCRYPT_METHOD is set to YESCRYPT. -# -# Define the YESCRYPT cost factor. -# With a higher cost factor, it is more difficult to brute-force the password. -# However, more CPU time and more memory will be needed to authenticate users -# if this value is increased. -# -# If not specified, a cost factor of 5 will be used. -# The value must be within the 1-11 range. -# -#YESCRYPT_COST_FACTOR 5 +ENCRYPT_METHOD YESCRYPT # # The pwck(8) utility emits a warning for any system account with a home diff --git a/debian/not-installed b/debian/not-installed index e542a49..9d7299a 100644 --- a/debian/not-installed +++ b/debian/not-installed @@ -15,7 +15,6 @@ etc/pam.d/passwd etc/pam.d/useradd etc/pam.d/userdel etc/pam.d/usermod -usr/bin/lastlog usr/bin/sg usr/lib/*/libsubid.la usr/sbin/logoutd @@ -26,7 +25,6 @@ usr/share/man/*/man1/su.1 usr/share/man/*/man3/getspnam.3 usr/share/man/*/man3/shadow.3 usr/share/man/*/man5/suauth.5 -usr/share/man/*/man8/lastlog.8 usr/share/man/*/man8/logoutd.8 usr/share/man/man1/groups.1 usr/share/man/man1/logoutd.1 
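Review bot: The switch to `ENCRYPT_METHOD YESCRYPT` is sound, but the hunk also deletes the only documentation of YESCRYPT_COST_FACTOR and SHA_CRYPT_MIN/MAX_ROUNDS while keeping the sentence "It is recommended to use a value consistent with the PAM modules configuration", which now points at nothing. The changelog calls these settings PAM-unsupported, which holds for passwd(1) through pam_unix, but as far as I recall upstream the shadow tools that hash without PAM (for example `chpasswd -c`/`newusers`) still take their cost from these keys, so an administrator wanting a higher work factor no longer has any hint the knob exists. I would keep a short pointer: `# YESCRYPT_COST_FACTOR / SHA_CRYPT_*_ROUNDS apply only to shadow tools that hash without PAM; pam_unix takes its settings from /etc/pam.d/common-password (see login.defs(5)).` It is also worth confirming that common-password selects the same yescrypt method so both code paths produce the same hash type.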
@@ -34,6 +32,5 @@ usr/share/man/man1/su.1 usr/share/man/man3/getspnam.3 usr/share/man/man3/shadow.3 usr/share/man/man5/suauth.5 -usr/share/man/man8/lastlog.8 usr/share/man/man8/logoutd.8 diff --git a/debian/patches/0001-gpasswd-1-Fix-password-leak.patch b/debian/patches/0001-gpasswd-1-Fix-password-leak.patch deleted file mode 100644 index 1596b2d..0000000 --- a/debian/patches/0001-gpasswd-1-Fix-password-leak.patch +++ /dev/null 
@@ -1,137 +0,0 @@ -From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001 -From: Alejandro Colomar -Date: Sat, 10 Jun 2023 16:20:05 +0200 -Subject: [PATCH] gpasswd(1): Fix password leak - -How to trigger this password leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -When gpasswd(1) asks for the new password, it asks twice (as is usual -for confirming the new password). Each of those 2 password prompts -uses agetpass() to get the password. If the second agetpass() fails, -the first password, which has been copied into the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. - -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and -can fail for any of the following reasons: - -- malloc(3) or readpassphrase(3) failure. - - These are going to be difficult to trigger. Maybe getting the system - to the limits of memory utilization at that exact point, so that the - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. - About readpassphrase(3), ENFILE and EINTR seem the only plausible - ones, and EINTR probably requires privilege or being the same user; - but I wouldn't discard ENFILE so easily, if a process starts opening - files. - -- The password is longer than PASS_MAX. - - The is plausible with physical access. However, at that point, a - keylogger will be a much simpler attack. - -And, the attacker must be able to know when the second password is being -introduced, which is not going to be easy. - -How to read the password after the leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Provoking the leak yourself at the right point by entering a very long -password is easy, and inspecting the process stack at that point should -be doable. Try to find some consistent patterns. - -Then, search for those patterns in free memory, right after the victim -leaks their password. - -Once you get the leak, a program should read all the free memory -searching for patterns that gpasswd(1) leaves nearby the leaked -password. 
- -On 6/10/23 03:14, Seth Arnold wrote: -> An attacker process wouldn't be able to use malloc(3) for this task. -> There's a handful of tools available for userspace to allocate memory: -> -> - brk / sbrk -> - mmap MAP_ANONYMOUS -> - mmap /dev/zero -> - mmap some other file -> - shm_open -> - shmget -> -> Most of these return only pages of zeros to a process. Using mmap of an -> existing file, you can get some of the contents of the file demand-loaded -> into the memory space on the first use. -> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. -> -> malloc(3) doesn't zero memory, to our collective frustration, but all the -> garbage in the allocations is from previous allocations in the current -> process. It isn't leftover from other processes. -> -> The avenues available for reading the memory: -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) -> - ptrace (requires ptrace privileges, mediated by YAMA) -> - causing memory to be swapped to disk, and then inspecting the swap -> -> These all require a certain amount of privileges. - -How to fix it? -~~~~~~~~~~~~~~ - -memzero(), which internally calls explicit_bzero(3), or whatever -alternative the system provides with a slightly different name, will -make sure that the buffer is zeroed in memory, and optimizations are not -allowed to impede this zeroing. - -This is not really 100% effective, since compilers may place copies of -the string somewhere hidden in the stack. Those copies won't get zeroed -by explicit_bzero(3). However, that's arguably a compiler bug, since -compilers should make everything possible to avoid optimizing strings -that are later passed to explicit_bzero(3). But we all know that -sometimes it's impossible to have perfect knowledge in the compiler, so -this is plausible. 
Nevertheless, there's nothing we can do against such -issues, except minimizing the time such passwords are stored in plain -text. - -Security concerns -~~~~~~~~~~~~~~~~~ - -We believe this isn't easy to exploit. Nevertheless, and since the fix -is trivial, this fix should probably be applied soon, and backported to -all supported distributions, to prevent someone else having more -imagination than us to find a way. - -Affected versions -~~~~~~~~~~~~~~~~~ - -All. Bug introduced in shadow 19990709. That's the second commit in -the git history. - -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") -Reported-by: Alejandro Colomar -Cc: Serge Hallyn -Cc: Iker Pedrosa -Cc: Seth Arnold -Cc: Christian Brauner -Cc: Balint Reczey -Cc: Sam James -Cc: David Runge -Cc: Andreas Jaeger -Cc: <~hallyn/shadow@lists.sr.ht> -Signed-off-by: Alejandro Colomar ---- - src/gpasswd.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/gpasswd.c -+++ b/src/gpasswd.c -@@ -896,6 +896,7 @@ - strzero (cp); - cp = getpass (_("Re-enter new password: ")); - if (NULL == cp) { -+ memzero (pass, sizeof pass); - exit (1); - } - diff --git a/debian/patches/0002-Added-control-character-check.patch b/debian/patches/0002-Added-control-character-check.patch deleted file mode 100644 index 29adce1..0000000 --- a/debian/patches/0002-Added-control-character-check.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> -Date: Thu, 23 Mar 2023 23:39:38 +0000 -Subject: [PATCH] Added control character check - -Added control character check, returning -1 (to "err") if control characters are present. ---- - lib/fields.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -21,9 +21,9 @@ - * - * The supplied field is scanned for non-printable and other illegal - * characters. -- * + -1 is returned if an illegal character is present. -- * + 1 is returned if no illegal characters are present, but the field -- * contains a non-printable character. -+ * + -1 is returned if an illegal or control character is present. -+ * + 1 is returned if no illegal or control characters are present, -+ * but the field contains a non-printable character. - * + 0 is returned otherwise. - */ - int valid_field (const char *field, const char *illegal) -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) - } - - if (0 == err) { -- /* Search if there are some non-printable characters */ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { - if (!isprint (*cp)) { - err = 1; -+ } -+ if (!iscntrl (*cp)) { -+ err = -1; - break; - } - } --- -2.34.1 - diff --git a/debian/patches/0003-Overhaul-valid_field.patch b/debian/patches/0003-Overhaul-valid_field.patch deleted file mode 100644 index b7a8428..0000000 --- a/debian/patches/0003-Overhaul-valid_field.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Fri, 31 Mar 2023 14:46:50 +0200 -Subject: [PATCH] Overhaul valid_field() - -e5905c4b ("Added control character check") introduced checking for -control characters but had the logic inverted, so it rejects all -characters that are not control ones. - -Cast the character to `unsigned char` before passing to the character -checking functions to avoid UB. - -Use strpbrk(3) for the illegal character test and return early. ---- - lib/fields.c | 24 ++++++++++-------------- - 1 file changed, 10 insertions(+), 14 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) - - /* For each character of field, search if it appears in the list - * of illegal characters. */ -+ if (illegal && NULL != strpbrk (field, illegal)) { -+ return -1; -+ } -+ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { -- if (strchr (illegal, *cp) != NULL) { -+ unsigned char c = *cp; -+ if (!isprint (c)) { -+ err = 1; -+ } -+ if (iscntrl (c)) { - err = -1; - break; - } - } - -- if (0 == err) { -- /* Search if there are non-printable or control characters */ -- for (cp = field; '\0' != *cp; cp++) { -- if (!isprint (*cp)) { -- err = 1; -- } -- if (!iscntrl (*cp)) { -- err = -1; -- break; -- } -- } -- } -- - return err; - } - --- -2.34.1 - diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP deleted file mode 100644 index 0946ca0..0000000 --- a/debian/patches/008_login_log_failure_in_FTMP +++ /dev/null 
@@ -1,51 +0,0 @@ -Goal: Log login failures to the btmp file - -Notes: - * I'm not sure login should add an entry in the FTMP file when PAM is used. - (but nothing in /etc/login.defs indicates that the failure is not logged) - ---- a/src/login.c -+++ b/src/login.c -@@ -827,6 +827,24 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if (getdef_str("FTMP_FILE") != NULL) { -+#ifdef USE_UTMPX -+ struct utmpx *failent = -+ prepare_utmpx (failent_user, -+ tty, -+ /* FIXME: or fromhost? */hostname, -+ utent); -+#else /* !USE_UTMPX */ -+ struct utmp *failent = -+ prepare_utmp (failent_user, -+ tty, -+ hostname, -+ utent); -+#endif /* !USE_UTMPX */ -+ failtmp (failent_user, failent); -+ free (failent); -+ } -+ - if (failcount >= retries) { - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -38,7 +38,6 @@ - {"ENVIRON_FILE", NULL}, \ - {"ENV_TZ", NULL}, \ - {"FAILLOG_ENAB", NULL}, \ -- {"FTMP_FILE", NULL}, \ - {"HMAC_CRYPTO_ALGO", NULL}, \ - {"ISSUE_FILE", NULL}, \ - {"LASTLOG_ENAB", NULL}, \ -@@ -80,6 +79,7 @@ - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, - {"FAKE_SHELL", NULL}, -+ {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, - {"GID_MIN", NULL}, - {"HOME_MODE", NULL}, diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/401_cppw_src.dpatch deleted file mode 100644 index 5244702..0000000 --- a/debian/patches/401_cppw_src.dpatch +++ /dev/null 
@@ -1,276 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 401_cppw_src.dpatch by Nicolas FRANCOIS -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Add cppw / cpgr - -@DPATCH@ ---- /dev/null -+++ b/src/cppw.c -@@ -0,0 +1,238 @@ -+/* -+ cppw, cpgr copy with locking given file over the password or group file -+ with -s will copy with locking given file over shadow or gshadow file -+ -+ Copyright (C) 1999 Stephen Frost -+ -+ Based on vipw, vigr by: -+ Copyright (C) 1997 Guy Maor -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, but -+ WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
-+ -+ */ -+ -+#include -+#include "defines.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "exitcodes.h" -+#include "prototypes.h" -+#include "pwio.h" -+#include "shadowio.h" -+#include "groupio.h" -+#include "sgroupio.h" -+ -+ -+const char *Prog; -+ -+const char *filename, *filenewname; -+static bool filelocked = false; -+static int (*unlock) (void); -+ -+/* local function prototypes */ -+static int create_copy (FILE *fp, const char *dest, struct stat *sb); -+static void cppwexit (const char *msg, int syserr, int ret); -+static void cppwcopy (const char *file, -+ const char *in_file, -+ int (*file_lock) (void), -+ int (*file_unlock) (void)); -+ -+static int create_copy (FILE *fp, const char *dest, struct stat *sb) -+{ -+ struct utimbuf ub; -+ FILE *bkfp; -+ int c; -+ mode_t mask; -+ -+ mask = umask (077); -+ bkfp = fopen (dest, "w"); -+ (void) umask (mask); -+ if (NULL == bkfp) { -+ return -1; -+ } -+ -+ rewind (fp); -+ while ((c = getc (fp)) != EOF) { -+ if (putc (c, bkfp) == EOF) { -+ break; -+ } -+ } -+ -+ if ( (c != EOF) -+ || (fflush (bkfp) != 0)) { -+ (void) fclose (bkfp); -+ (void) unlink (dest); -+ return -1; -+ } -+ if ( (fsync (fileno (bkfp)) != 0) -+ || (fclose (bkfp) != 0)) { -+ (void) unlink (dest); -+ return -1; -+ } -+ -+ ub.actime = sb->st_atime; -+ ub.modtime = sb->st_mtime; -+ if ( (utime (dest, &ub) != 0) -+ || (chmod (dest, sb->st_mode) != 0) -+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) { -+ (void) unlink (dest); -+ return -1; -+ } -+ return 0; -+} -+ -+static void cppwexit (const char *msg, int syserr, int ret) -+{ -+ int err = errno; -+ if (filelocked) { -+ (*unlock) (); -+ } -+ if (NULL != msg) { -+ fprintf (stderr, "%s: %s", Prog, msg); -+ if (0 != syserr) { -+ fprintf (stderr, ": %s", strerror (err)); -+ } -+ (void) fputs ("\n", stderr); -+ } -+ if (NULL != filename) { -+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename); -+ } else { -+ fprintf (stderr, _("%s: no 
changes\n"), Prog); -+ } -+ -+ exit (ret); -+} -+ -+static void cppwcopy (const char *file, -+ const char *in_file, -+ int (*file_lock) (void), -+ int (*file_unlock) (void)) -+{ -+ struct stat st1; -+ FILE *f; -+ char filenew[1024]; -+ -+ snprintf (filenew, sizeof filenew, "%s.new", file); -+ unlock = file_unlock; -+ filename = file; -+ filenewname = filenew; -+ -+ if (access (file, F_OK) != 0) { -+ cppwexit (file, 1, 1); -+ } -+ if (file_lock () == 0) { -+ cppwexit (_("Couldn't lock file"), 0, 5); -+ } -+ filelocked = true; -+ -+ /* file to copy has same owners, perm */ -+ if (stat (file, &st1) != 0) { -+ cppwexit (file, 1, 1); -+ } -+ f = fopen (in_file, "r"); -+ if (NULL == f) { -+ cppwexit (in_file, 1, 1); -+ } -+ if (create_copy (f, filenew, &st1) != 0) { -+ cppwexit (_("Couldn't make copy"), errno, 1); -+ } -+ -+ /* XXX - here we should check filenew for errors; if there are any, -+ * fail w/ an appropriate error code and let the user manually fix -+ * it. Use pwck or grpck to do the check. 
- Stephen (Shamelessly -+ * stolen from '--marekm's comment) */ -+ -+ if (rename (filenew, file) != 0) { -+ fprintf (stderr, _("%s: can't copy %s: %s)\n"), -+ Prog, filenew, strerror (errno)); -+ cppwexit (NULL,0,1); -+ } -+ -+ (*file_unlock) (); -+} -+ -+int main (int argc, char **argv) -+{ -+ int flag; -+ bool cpshadow = false; -+ char *in_file; -+ int e = E_USAGE; -+ bool do_cppw = true; -+ -+ (void) setlocale (LC_ALL, ""); -+ (void) bindtextdomain (PACKAGE, LOCALEDIR); -+ (void) textdomain (PACKAGE); -+ -+ Prog = Basename (argv[0]); -+ if (strcmp (Prog, "cpgr") == 0) { -+ do_cppw = false; -+ } -+ -+ while ((flag = getopt (argc, argv, "ghps")) != EOF) { -+ switch (flag) { -+ case 'p': -+ do_cppw = true; -+ break; -+ case 'g': -+ do_cppw = false; -+ break; -+ case 's': -+ cpshadow = true; -+ break; -+ case 'h': -+ e = E_SUCCESS; -+ /*pass through*/ -+ default: -+ (void) fputs (_("Usage:\n\ -+`cppw ' copys over /etc/passwd `cppw -s ' copys over /etc/shadow\n\ -+`cpgr ' copys over /etc/group `cpgr -s ' copys over /etc/gshadow\n\ -+"), (E_SUCCESS != e) ? 
stderr : stdout); -+ exit (e); -+ } -+ } -+ -+ if (argc != optind + 1) { -+ cppwexit (_("wrong number of arguments, -h for usage"),0,1); -+ } -+ -+ in_file = argv[optind]; -+ -+ if (do_cppw) { -+ if (cpshadow) { -+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock); -+ } else { -+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock); -+ } -+ } else { -+#ifdef SHADOWGRP -+ if (cpshadow) { -+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock); -+ } else -+#endif /* SHADOWGRP */ -+ { -+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock); -+ } -+ } -+ -+ return 0; -+} -+ ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -34,6 +34,7 @@ - bin_PROGRAMS += su - endif - usbin_PROGRAMS = \ -+ cppw \ - chgpasswd \ - chpasswd \ - groupadd \ -@@ -102,6 +103,7 @@ - chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -+cppw_LDADD = $(LDADD) $(LIBSELINUX) $(LIBAUDIT) - expiry_LDADD = $(LDADD) $(LIBECONF) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) - groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -91,6 +91,7 @@ - src/chgpasswd.c - src/chpasswd.c - src/chsh.c -+src/cppw.c - src/expiry.c - src/faillog.c - src/gpasswd.c diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux deleted file mode 100644 index 5f2da1b..0000000 --- a/debian/patches/402_cppw_selinux +++ /dev/null 
@@ -1,64 +0,0 @@ -Goal: Add selinux support to cppw - -Fix: - -Status wrt upstream: cppw is not available upstream. - The patch was made based on the - 302_vim_selinux_support patch. It needs to be - reviewed by an SE-Linux aware person. - -Depends on 401_cppw_src.dpatch - -Index: git/src/cppw.c -=================================================================== ---- git.orig/src/cppw.c -+++ git/src/cppw.c -@@ -34,6 +34,9 @@ - #include - #include - #include -+#ifdef WITH_SELINUX -+#include -+#endif /* WITH_SELINUX */ - #include "exitcodes.h" - #include "prototypes.h" - #include "pwio.h" -@@ -139,6 +142,22 @@ - if (access (file, F_OK) != 0) { - cppwexit (file, 1, 1); - } -+#ifdef WITH_SELINUX -+ /* if SE Linux is enabled then set the context of all new files -+ * to be the context of the file we are editing */ -+ if (is_selinux_enabled () > 0) { -+ security_context_t passwd_context=NULL; -+ int ret = 0; -+ if (getfilecon (file, &passwd_context) < 0) { -+ cppwexit (_("Couldn't get file context"), errno, 1); -+ } -+ ret = setfscreatecon (passwd_context); -+ freecon (passwd_context); -+ if (0 != ret) { -+ cppwexit (_("setfscreatecon () failed"), errno, 1); -+ } -+ } -+#endif /* WITH_SELINUX */ - if (file_lock () == 0) { - cppwexit (_("Couldn't lock file"), 0, 5); - } -@@ -167,6 +186,15 @@ - cppwexit (NULL,0,1); - } - -+#ifdef WITH_SELINUX -+ /* unset the fscreatecon */ -+ if (is_selinux_enabled () > 0) { -+ if (setfscreatecon (NULL)) { -+ cppwexit (_("setfscreatecon() failed"), errno, 1); -+ } -+ } -+#endif /* WITH_SELINUX */ -+ - (*file_unlock) (); - } - diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB deleted file mode 100644 index d8e6034..0000000 --- a/debian/patches/429_login_FAILLOG_ENAB +++ /dev/null 
@@ -1,84 +0,0 @@ -Goal: Re-enable logging and displaying failures on login when login is - compiled with PAM and when FAILLOG_ENAB is set to yes. And create the - faillog file if it does not exist on postinst (as on Woody). -Depends: 008_login_more_LOG_UNKFAIL_ENAB -Fixes: #192849 - -Note: It could be removed if pam_tally could report the number of failures - preceding a successful login. - ---- a/src/login.c -+++ b/src/login.c -@@ -114,9 +114,9 @@ - #endif - ); - --#ifndef USE_PAM - static struct faillog faillog; - -+#ifndef USE_PAM - static void bad_time_notify (void); - static void check_nologin (bool login_to_root); - #else -@@ -787,6 +787,9 @@ - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", - failcount, fromhost, failent_user)); -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } - fprintf (stderr, - _("Maximum number of tries exceeded (%u)\n"), - failcount); -@@ -804,6 +807,14 @@ - pam_strerror (pamh, retcode))); - failed = true; - } -+ if ( (NULL != pwd) -+ && getdef_bool("FAILLOG_ENAB") -+ && ! 
failcheck (pwd->pw_uid, &faillog, failed)) { -+ SYSLOG((LOG_CRIT, -+ "exceeded failure limit for `%s' %s", -+ failent_user, fromhost)); -+ failed = 1; -+ } - - if (!failed) { - break; -@@ -827,6 +838,10 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } -+ - if (getdef_str("FTMP_FILE") != NULL) { - #ifdef USE_UTMPX - struct utmpx *failent = -@@ -1295,6 +1310,7 @@ - */ - #ifndef USE_PAM - motd (); /* print the message of the day */ -+#endif - if ( getdef_bool ("FAILLOG_ENAB") - && (0 != faillog.fail_cnt)) { - failprint (&faillog); -@@ -1307,6 +1323,7 @@ - username, (int) faillog.fail_cnt)); - } - } -+#ifndef USE_PAM - if ( getdef_bool ("LASTLOG_ENAB") - && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL) - && (ll.ll_time != 0)) { ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -78,6 +78,7 @@ - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, -+ {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/463_login_delay_obeys_to_PAM deleted file mode 100644 index ab32c2a..0000000 --- a/debian/patches/463_login_delay_obeys_to_PAM +++ /dev/null 
@@ -1,97 +0,0 @@ -Goal: Do not hardcode pam_fail_delay and let pam_unix do its - job to set a delay...or not - -Fixes: #87648 - -Status wrt upstream: Forwarded but not applied yet - -Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs - ---- a/src/login.c -+++ b/src/login.c -@@ -512,7 +512,6 @@ - #if !defined(USE_PAM) - char ptime[80]; - #endif -- unsigned int delay; - unsigned int retries; - bool subroot = false; - #ifndef USE_PAM -@@ -537,6 +536,7 @@ - pid_t child; - char *pam_user = NULL; - #else -+ unsigned int delay; - struct spwd *spwd = NULL; - #endif - /* -@@ -701,7 +701,6 @@ - } - - environ = newenvp; /* make new environment active */ -- delay = getdef_unum ("FAIL_DELAY", 1); - retries = getdef_unum ("LOGIN_RETRIES", RETRIES); - - #ifdef USE_PAM -@@ -717,8 +716,7 @@ - - /* - * hostname & tty are either set to NULL or their correct values, -- * depending on how much we know. We also set PAM's fail delay to -- * ours. -+ * depending on how much we know. - * - * PAM_RHOST and PAM_TTY are used for authentication, only use - * information coming from login or from the caller (e.g. no utmp) -@@ -727,10 +725,6 @@ - PAM_FAIL_CHECK; - retcode = pam_set_item (pamh, PAM_TTY, tty); - PAM_FAIL_CHECK; --#ifdef HAS_PAM_FAIL_DELAY -- retcode = pam_fail_delay (pamh, 1000000 * delay); -- PAM_FAIL_CHECK; --#endif - /* if fflg, then the user has already been authenticated */ - if (!fflg) { - unsigned int failcount = 0; -@@ -771,12 +765,6 @@ - bool failed = false; - - failcount++; --#ifdef HAS_PAM_FAIL_DELAY -- if (delay > 0) { -- retcode = pam_fail_delay(pamh, 1000000*delay); -- PAM_FAIL_CHECK; -- } --#endif - - retcode = pam_authenticate (pamh, 0); - -@@ -1110,14 +1098,17 @@ - free (username); - username = NULL; - -+#ifndef USE_PAM - /* - * Wait a while (a la SVR4 /usr/bin/login) before attempting - * to login the user again. If the earlier alarm occurs - * before the sleep() below completes, login will exit. 
- */ -+ delay = getdef_unum ("FAIL_DELAY", 1); - if (delay > 0) { - (void) sleep (delay); - } -+#endif - - (void) puts (_("Login incorrect")); - ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -77,7 +77,6 @@ - {"ENV_PATH", NULL}, - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, -- {"FAIL_DELAY", NULL}, - {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow deleted file mode 100644 index cfdf10c..0000000 --- a/debian/patches/501_commonio_group_shadow +++ /dev/null @@ -1,60 +0,0 @@ -Goal: save the [g]shadow files with the 'shadow' group and mode 0440 - -Fixes: #166793 - ---- a/lib/commonio.c -+++ b/lib/commonio.c -@@ -21,6 +21,7 @@ - #include - #include - #include -+#include - #include "nscd.h" - #include "sssd.h" - #ifdef WITH_TCB -@@ -970,12 +971,23 @@ - goto fail; - } - } else { -+ struct group *grp; - /* - * Default permissions for new [g]shadow files. - */ - sb.st_mode = db->st_mode; - sb.st_uid = db->st_uid; - sb.st_gid = db->st_gid; -+ -+ /* -+ * Try to retrieve the shadow's GID, and fall back to GID 0. -+ */ -+ if (sb.st_gid == 0) { -+ if ((grp = getgrnam("shadow")) != NULL) -+ sb.st_gid = grp->gr_gid; -+ else -+ sb.st_gid = 0; -+ } - } - - snprintf (buf, sizeof buf, "%s+", db->filename); ---- a/lib/sgroupio.c -+++ b/lib/sgroupio.c -@@ -206,7 +206,7 @@ - #ifdef WITH_SELINUX - NULL, /* scontext */ - #endif -- 0400, /* st_mode */ -+ 0440, /* st_mode */ - 0, /* st_uid */ - 0, /* st_gid */ - NULL, /* head */ ---- a/lib/shadowio.c -+++ b/lib/shadowio.c -@@ -84,7 +84,7 @@ - #ifdef WITH_SELINUX - NULL, /* scontext */ - #endif /* WITH_SELINUX */ -- 0400, /* st_mode */ -+ 0440, /* st_mode */ - 0, /* st_uid */ - 0, /* st_gid */ - NULL, /* head */ diff --git a/debian/patches/502_debian_useradd_defaults b/debian/patches/502_debian_useradd_defaults deleted file mode 100644 index 6317ed6..0000000 --- a/debian/patches/502_debian_useradd_defaults +++ /dev/null 
@@ -1,41 +0,0 @@ -From: Balint Reczey -Description: Keep using Debian's adduser defaults - Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit - in 4.9 merged those values from upstream's default configuration file - which is not shipped in Debian. - This patch keeps the program's compiled in defaults in sync with the - configuration files shipped in Debian (debian/default/useradd). -Bug: https://github.com/shadow-maint/shadow/issues/501 -Bug-Debian: https://bugs.debian.org/1004710 -Forwarded: not-needed - ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -79,12 +79,12 @@ - /* - * These defaults are used if there is no defaults file. - */ --static gid_t def_group = 1000; -+static gid_t def_group = 100; - static const char *def_gname = "other"; - static const char *def_home = "/home"; - static const char *def_shell = "/bin/bash"; - static const char *def_template = SKEL_DIR; --static const char *def_create_mail_spool = "yes"; -+static const char *def_create_mail_spool = "no"; - static const char *def_log_init = "yes"; - - static long def_inactive = -1; -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index af02a23f..c7f95b47 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -248,7 +248,7 @@ - command line), useradd will set the primary group of the new - user to the value specified by the - variable in /etc/default/useradd, or -- 1000 by default. -+ 100 by default. - - - diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/503_shadowconfig.8 deleted file mode 100644 index 0f0d339..0000000 --- a/debian/patches/503_shadowconfig.8 +++ /dev/null 
@@ -1,201 +0,0 @@ -Goal: Document the shadowconfig utility - -Status wrt upstream: The shadowconfig utility is debian specific. - Its man page also (but it used to be distributed) - -Index: git/man/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/shadowconfig.8 -@@ -0,0 +1,41 @@ -+.\"Generated by db2man.xsl. Don't modify this, modify the source. -+.de Sh \" Subsection -+.br -+.if t .Sp -+.ne 5 -+.PP -+\fB\\$1\fR -+.PP -+.. -+.de Sp \" Vertical space (when we can't use .PP) -+.if t .sp .5v -+.if n .sp -+.. -+.de Ip \" List item -+.br -+.ie \\n(.$>=3 .ne \\$3 -+.el .ne 3 -+.IP "\\$1" \\$2 -+.. -+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" "" -+.SH NAME -+shadowconfig \- toggle shadow passwords on and off -+.SH "SYNOPSIS" -+.ad l -+.hy 0 -+.HP 13 -+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR -+.ad -+.hy -+ -+.SH "DESCRIPTION" -+ -+.PP -+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&. -+ -+.PP -+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&. -+ -+.PP -+Note that turning shadow passwords off and on again will lose all password aging information\&. 
-+ -Index: git/man/shadowconfig.8.xml -=================================================================== ---- /dev/null -+++ git/man/shadowconfig.8.xml -@@ -0,0 +1,52 @@ -+ -+ -+ -+ -+ -+ 19 Apr 1997 -+ -+ -+ shadowconfig -+ 8 -+ 19 Apr 1997 -+ Debian GNU/Linux -+ -+ -+ shadowconfig -+ toggle shadow passwords on and off -+ -+ -+ -+ -+ shadowconfig -+ -+ on -+ off -+ -+ -+ -+ -+ -+ DESCRIPTION -+ shadowconfig on will turn shadow passwords on; -+ shadowconfig off will turn shadow -+ passwords off. shadowconfig will print an error -+ message and exit with a nonzero code if it finds anything awry. If -+ that happens, you should correct the error and run it again. Turning -+ shadow passwords on when they are already on, or off when they are -+ already off, is harmless. -+ -+ -+ -+ Read /usr/share/doc/passwd/README.Debian for a -+ brief introduction -+ to shadow passwords and related features. -+ -+ -+ Note that turning shadow passwords off and on again will lose all -+ password -+ aging information. -+ -+ -+ -Index: git/man/fr/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/fr/shadowconfig.8 -@@ -0,0 +1,26 @@ -+.\" This file was generated with po4a. Translate the source file. -+.\" -+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $ -+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux" -+.SH NOM -+shadowconfig \- active ou désactive les mots de passe cachés -+.SH SYNOPSIS -+\fBshadowconfig\fP \fIon\fP | \fIoff\fP -+.SH DESCRIPTION -+.PP -+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message -+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre -+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant -+de recommencer. -+ -+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les -+désactiver lorsqu'ils ne sont pas actifs est sans effet. 
-+ -+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux -+mots de passe cachés et à leurs fonctionnalités. -+ -+Notez que désactiver puis réactiver les mots de passe cachés aura pour -+conséquence la perte des informations d'âge sur les mots de passe. -+.SH TRADUCTION -+Nicolas FRANÇOIS, 2004. -+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. -Index: git/man/ja/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/ja/shadowconfig.8 -@@ -0,0 +1,25 @@ -+.\" all right reserved, -+.\" Translated Tue Oct 30 11:59:11 JST 2001 -+.\" by Maki KURODA -+.\" -+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux" -+.SH 名前 -+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える -+.SH 書式 -+.B "shadowconfig" -+.IR on " | " off -+.SH 説明 -+.PP -+.B shadowconfig on -+は shadow パスワードを有効にする。 -+.B shadowconfig off -+は shadow パスワードを無効にする。 -+.B shadowconfig -+は何らかの間違いがあると、エラーメッセージを表示し、 -+ゼロではない返り値を返す。 -+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。 -+shadow パスワードの設定がすでにオンの場合にオンに設定したり、 -+すでにオフの場合にオフに設定しても、何の影響もない。 -+ -+.I /usr/share/doc/passwd/README.debian.gz -+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 -Index: git/man/pl/shadowconfig.8 -=================================================================== ---- /dev/null -+++ git/man/pl/shadowconfig.8 -@@ -0,0 +1,27 @@ -+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ -+.\" {PTM/WK/1999-09-14} -+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux" -+.SH NAZWA -+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow -+.SH SKŁADNIA -+.B "shadowconfig" -+.IR on " | " off -+.SH OPIS -+.PP -+.B shadowconfig on -+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow); -+.B shadowconfig off -+wyłącza dodatkowe pliki haseł i grup. -+.B shadowconfig -+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli -+znajdzie coś nieprawidłowego. 
W takim wypadku powinieneś poprawić błąd -+.\" if it finds anything awry. -+i uruchomić program ponownie. -+ -+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie, -+gdy jest wyłączona jest nieszkodliwe. -+ -+Przeczytaj -+.IR /usr/share/doc/passwd/README.debian.gz , -+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych -+plików haseł przesłanianych (shadow passwords) i związanych tematów. diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/505_useradd_recommend_adduser deleted file mode 100644 index 9fb3fe3..0000000 --- a/debian/patches/505_useradd_recommend_adduser +++ /dev/null @@ -1,36 +0,0 @@ -Goal: Recommend using adduser and deluser. - -Fixes: #406046 - -Status wrt upstream: Debian specific patch. - ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -83,6 +83,12 @@ - - DESCRIPTION - -+ useradd is a low level utility for adding -+ users. On Debian, administrators should usually use -+ adduser -+ 8 instead. -+ -+ - When invoked without the option, the - useradd command creates a new user account using - the values specified on the command line plus the default values from ---- a/man/userdel.8.xml -+++ b/man/userdel.8.xml -@@ -59,6 +59,12 @@ - - DESCRIPTION - -+ userdel is a low level utility for removing -+ users. On Debian, administrators should usually use -+ deluser -+ 8 instead. -+ -+ - The userdel command modifies the system account - files, deleting all entries that refer to the user name LOGIN. The named user must exist. diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames deleted file mode 100644 index 0e066d9..0000000 --- a/debian/patches/506_relaxed_usernames +++ /dev/null 
@@ -1,111 +0,0 @@ -Goal: Relaxed usernames/groupnames checking patch. - -Status wrt upstream: Debian specific. Not to be used upstream - -Details: - Allows any non-empty user/grounames that don't contain ':', ',' or '\n' - characters and don't start with '-', '+', or '~'. This patch is more - restrictive than original Karl's version. closes: #264879 - Also closes: #377844 - - Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): - - I can't come up with a good justification as to why characters other - than ':'s and '\0's should be disallowed in group and usernames (other - than '-' as the leading character). Thus, the maintenance tools don't - anymore. closes: #79682, #166798, #171179 - ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -32,44 +32,26 @@ - } - - /* -- * User/group names must match gnu e-regex: -- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? -- * -- * as a non-POSIX, extension, allow "$" as the last char for -- * sake of Samba 3.x "add machine script" -- * -- * Also do not allow fully numeric names or just "." or "..". -- */ -- int numeric; -- -- if ('\0' == *name || -- ('.' == *name && (('.' == name[1] && '\0' == name[2]) || -- '\0' == name[1])) || -- !((*name >= 'a' && *name <= 'z') || -- (*name >= 'A' && *name <= 'Z') || -- (*name >= '0' && *name <= '9') || -- *name == '_' || -- *name == '.')) { -+ * POSIX indicate that usernames are composed of characters from the -+ * portable filename character set [A-Za-z0-9._-], and that the hyphen -+ * should not be used as the first character of a portable user name. -+ * -+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$ -+ */ -+ if ( ('\0' == *name) -+ || ('-' == *name) -+ || ('~' == *name) -+ || ('+' == *name)) { - return false; - } -- -- numeric = isdigit(*name); -- -- while ('\0' != *++name) { -- if (!((*name >= 'a' && *name <= 'z') || -- (*name >= 'A' && *name <= 'Z') || -- (*name >= '0' && *name <= '9') || -- *name == '_' || -- *name == '.' 
|| -- *name == '-' || -- (*name == '$' && name[1] == '\0') -- )) { -+ do { -+ if ((':' == *name) || (',' == *name) || isspace(*name)) { - return false; - } -- numeric &= isdigit(*name); -- } -+ name++; -+ } while ('\0' != *name); - -- return !numeric; -+ return true; - } - - bool is_valid_user_name (const char *name) ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -708,6 +708,14 @@ - the ls output. - - -+ On Debian, the only constraints are that usernames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space: ' ', -+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash -+ ('/') may break the default algorithm for the definition of the -+ user's home directory. -+ -+ - Usernames may only be up to 32 characters long. - - ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -72,6 +72,12 @@ - also disallowed. - - -+ On Debian, the only constraints are that groupnames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space:' ', -+ end of line: '\n', tabulation: '\t', etc.). -+ -+ - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - - diff --git a/debian/patches/542_useradd-O_option b/debian/patches/542_useradd-O_option deleted file mode 100644 index 3745826..0000000 --- a/debian/patches/542_useradd-O_option +++ /dev/null 
@@ -1,40 +0,0 @@ -Goal: accepts the -O flag for backward compatibility. (was used by adduser?) - -Note: useradd.8 needs to be regenerated. - -Status wrt upstream: not included as this is just specific - backward compatibility for Debian - ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -326,6 +326,11 @@ - =100   - UID_MAX=499 - -+ -+ For the compatibility with previous Debian's -+ useradd, the option is -+ also supported. -+ - ++ ++ 19 Apr 1997 ++ ++ ++ shadowconfig ++ 8 ++ 19 Apr 1997 ++ Debian GNU/Linux ++ ++ ++ shadowconfig ++ toggle shadow passwords on and off ++ ++ ++ ++ ++ shadowconfig ++ ++ on ++ off ++ ++ ++ ++ ++ ++ DESCRIPTION ++ shadowconfig on will turn shadow passwords on; ++ shadowconfig off will turn shadow ++ passwords off. shadowconfig will print an error ++ message and exit with a nonzero code if it finds anything awry. If ++ that happens, you should correct the error and run it again. Turning ++ shadow passwords on when they are already on, or off when they are ++ already off, is harmless. ++ ++ ++ ++ Read /usr/share/doc/passwd/README.Debian for a ++ brief introduction ++ to shadow passwords and related features. ++ ++ ++ Note that turning shadow passwords off and on again will lose all ++ password ++ aging information. ++ ++ ++ diff --git a/debian/patches/Keep-using-Debian-adduser-defaults.patch b/debian/patches/Keep-using-Debian-adduser-defaults.patch new file mode 100644 index 0000000..51dfb88 --- /dev/null +++ b/debian/patches/Keep-using-Debian-adduser-defaults.patch 
@@ -0,0 +1,54 @@ +From: Balint Reczey +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Keep using Debian's adduser defaults + +Bug: https://github.com/shadow-maint/shadow/issues/501 +Bug-Debian: https://bugs.debian.org/1004710 +Forwarded: not-needed + +Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit +in 4.9 merged those values from upstream's default configuration file +which is not shipped in Debian. +This patch keeps the program's compiled in defaults in sync with the +configuration files shipped in Debian (debian/default/useradd). + +Gbp-Topic: debian +--- + man/useradd.8.xml | 2 +- + src/useradd.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 001e7d1..4888100 100644 +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -248,7 +248,7 @@ + command line), useradd will set the primary group of the new + user to the value specified by the + variable in /etc/default/useradd, or +- 1000 by default. ++ 100 by default. + + + +diff --git a/src/useradd.c b/src/useradd.c +index 347334a..ac43edd 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -91,14 +91,14 @@ static const char Prog[] = "useradd"; + /* + * These defaults are used if there is no defaults file. + */ +-static gid_t def_group = 1000; ++static gid_t def_group = 100; + static const char *def_groups = ""; + static const char *def_gname = "other"; + static const char *def_home = "/home"; + static const char *def_shell = "/bin/bash"; + static const char *def_template = SKEL_DIR; + static const char *def_usrtemplate = USRSKELDIR; +-static const char *def_create_mail_spool = "yes"; ++static const char *def_create_mail_spool = "no"; + static const char *def_log_init = "yes"; + + static long def_inactive = -1; diff --git a/debian/patches/Let-pam_unix-handle-login-failure-delays.patch b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch new file mode 100644 index 0000000..66f5063 --- /dev/null 
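Review bot: The compiled-in defaults in src/useradd.c now diverge from upstream with no marker at the definition site, so a future merge of the `def_group`/`def_create_mail_spool` lines can silently drop the Debian values. Add a comment above the block, e.g. `/* Debian: keep in sync with debian/default/useradd (Keep-using-Debian-adduser-defaults.patch) */`. Note also that `def_gname` stays `"other"` while `def_group` becomes 100; presumably only the gid matters when no defaults file exists, but if group 100 carries a different name on Debian the pair is inconsistent and worth confirming. The surrounding file-scope definitions continue outside the hunk.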
+++ b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch 
@@ -0,0 +1,108 @@ +From: Shadow package maintainers +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Let pam_unix handle login failure delays + +Fixes: #87648 + +Status wrt upstream: Forwarded but not applied yet + +Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs + +Gbp-Topic: debian +--- + lib/getdef.c | 1 - + src/login.c | 19 +++++-------------- + 2 files changed, 5 insertions(+), 15 deletions(-) + +diff --git a/lib/getdef.c b/lib/getdef.c +index 30f54ba..21307bb 100644 +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -84,7 +84,6 @@ static struct itemdef def_table[] = { + {"ENV_PATH", NULL}, + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, +- {"FAIL_DELAY", NULL}, + {"FAKE_SHELL", NULL}, + {"GID_MAX", NULL}, + {"GID_MIN", NULL}, +diff --git a/src/login.c b/src/login.c +index 9fed7b3..a5512d1 100644 +--- a/src/login.c ++++ b/src/login.c +@@ -490,7 +490,6 @@ int main (int argc, char **argv) + const char *tmptty; + const char *cp; + const char *tmp; +- unsigned int delay; + unsigned int retries; + unsigned int timeout; + struct passwd *pwd = NULL; +@@ -500,6 +499,7 @@ int main (int argc, char **argv) + char *pam_user = NULL; + pid_t child; + #else ++ unsigned int delay; + bool is_console; + struct spwd *spwd = NULL; + # if defined(ENABLE_LASTLOG) +@@ -669,7 +669,6 @@ int main (int argc, char **argv) + } + + environ = newenvp; /* make new environment active */ +- delay = getdef_unum ("FAIL_DELAY", 1); + retries = getdef_unum ("LOGIN_RETRIES", RETRIES); + + #ifdef USE_PAM +@@ -685,8 +684,7 @@ int main (int argc, char **argv) + + /* + * hostname & tty are either set to NULL or their correct values, +- * depending on how much we know. We also set PAM's fail delay to +- * ours. ++ * depending on how much we know. + * + * PAM_RHOST and PAM_TTY are used for authentication, only use + * information coming from login or from the caller (e.g. 
no utmp) +@@ -695,10 +693,6 @@ int main (int argc, char **argv) + PAM_FAIL_CHECK; + retcode = pam_set_item (pamh, PAM_TTY, tty); + PAM_FAIL_CHECK; +-#ifdef HAS_PAM_FAIL_DELAY +- retcode = pam_fail_delay (pamh, 1000000 * delay); +- PAM_FAIL_CHECK; +-#endif + /* if fflg, then the user has already been authenticated */ + if (!fflg) { + char hostn[256]; +@@ -736,12 +730,6 @@ int main (int argc, char **argv) + bool failed = false; + + failcount++; +-#ifdef HAS_PAM_FAIL_DELAY +- if (delay > 0) { +- retcode = pam_fail_delay(pamh, 1000000*delay); +- PAM_FAIL_CHECK; +- } +-#endif + + retcode = pam_authenticate (pamh, 0); + +@@ -1032,14 +1020,17 @@ int main (int argc, char **argv) + free (username); + username = NULL; + ++#ifndef USE_PAM + /* + * Wait a while (a la SVR4 /usr/bin/login) before attempting + * to login the user again. If the earlier alarm occurs + * before the sleep() below completes, login will exit. + */ ++ delay = getdef_unum ("FAIL_DELAY", 1); + if (delay > 0) { + (void) sleep (delay); + } ++#endif + + (void) puts (_("Login incorrect")); + diff --git a/debian/patches/README.patches b/debian/patches/README.patches deleted file mode 100644 index a804fe3..0000000 --- a/debian/patches/README.patches +++ /dev/null 
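Review bot: The `{"FAIL_DELAY", NULL}` entry is removed from `def_table` unconditionally, but the non-PAM path of `main` still calls `getdef_unum ("FAIL_DELAY", 1)` inside the `#ifndef USE_PAM` block added at the end of the hunk, so in a non-PAM build that lookup would now be an unknown item (presumably logged as a configuration error, with the configured value ignored in favour of the default 1). Keep the entry and guard it instead: `#ifndef USE_PAM` / `{"FAIL_DELAY", NULL},` / `#endif`. With PAM, `login` no longer imposes any delay of its own, so throttling of failed attempts depends entirely on the stack (pam_unix without `nodelay`, or pam_faildelay); a one-line comment at the removed `pam_fail_delay` site, `/* Failure delay is left to PAM (pam_unix); login adds none of its own. */`, would record that. `main` begins and ends outside the hunk.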
@@ -1,22 +0,0 @@ -Small intro to the system for numbering the patches here... - --The 00xx-... patches are forwarded to upstream's git repository - --The 0xx_... series of patches are patches isolated from the latest - version of the shadow Debian package not using quilt in order to - separate upstream from Debian-specific stuff. - - NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES - --The 4xx series are patches which have been applied to Debian's shadow - and have NOT been accepted and/or applied upstream. These patches MUST be kept - even after resynced with upstream - --The 5xx series are patches which are applied to Debian's shadow - and will never be proposed upstream because they're too specific - This list SHOULD BE AS SHORT AS POSSIBLE - -In short, while we are working towards synchronisation with upstream, -our goal is to make 0xx patches disappear by moving them either to 3xx -series (things already implemented upstream) or to 4xx series -(Debian-specific patches). diff --git a/debian/patches/Recommend-using-adduser-and-deluser.patch b/debian/patches/Recommend-using-adduser-and-deluser.patch new file mode 100644 index 0000000..79019a4 --- /dev/null +++ b/debian/patches/Recommend-using-adduser-and-deluser.patch 
@@ -0,0 +1,48 @@ +From: Shadow package maintainers +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Recommend using adduser and deluser + +Fixes: #406046 + +Status wrt upstream: Debian specific patch. + +Gbp-Topic: debian +--- + man/useradd.8.xml | 6 ++++++ + man/userdel.8.xml | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 4888100..17987a6 100644 +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -82,6 +82,12 @@ + + + DESCRIPTION ++ ++ useradd is a low level utility for adding ++ users. On Debian, administrators should usually use ++ adduser ++ 8 instead. ++ + + When invoked without the option, the + useradd command creates a new user account using +diff --git a/man/userdel.8.xml b/man/userdel.8.xml +index 5bd2981..384cc86 100644 +--- a/man/userdel.8.xml ++++ b/man/userdel.8.xml +@@ -58,6 +58,12 @@ + + + DESCRIPTION ++ ++ userdel is a low level utility for removing ++ users. On Debian, administrators should usually use ++ deluser ++ 8 instead. ++ + + The userdel command modifies the system account + files, deleting all entries that refer to the user name +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Relax usernames/groupnames checking + +Allows any non-empty user/grounames that don't contain ':', ',' or '\n' +characters and don't start with '-', '+', or '~'. This patch is more +restrictive than original Karl's version. closes: #264879 +Also closes: #377844 + +Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): + +I can't come up with a good justification as to why characters other +than ':'s and '\0's should be disallowed in group and usernames (other +than '-' as the leading character). Thus, the maintenance tools don't +anymore. closes: #79682, #166798, #171179 + +Status wrt upstream: Debian specific. 
Not to be used upstream + +Gbp-Topic: debian +--- + lib/chkname.c | 47 +++++++++++++++-------------------------------- + man/groupadd.8.xml | 6 ++++++ + man/useradd.8.xml | 7 ++++++- + 3 files changed, 27 insertions(+), 33 deletions(-) + +diff --git a/lib/chkname.c b/lib/chkname.c +index 995562f..d9678c6 100644 +--- a/lib/chkname.c ++++ b/lib/chkname.c +@@ -54,44 +54,27 @@ static bool is_valid_name (const char *name) + } + + /* +- * User/group names must match BRE regex: +- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\? +- * +- * as a non-POSIX, extension, allow "$" as the last char for +- * sake of Samba 3.x "add machine script" +- * +- * Also do not allow fully numeric names or just "." or "..". +- */ +- int numeric; +- +- if ('\0' == *name || +- ('.' == *name && (('.' == name[1] && '\0' == name[2]) || +- '\0' == name[1])) || +- !((*name >= 'a' && *name <= 'z') || +- (*name >= 'A' && *name <= 'Z') || +- (*name >= '0' && *name <= '9') || +- *name == '_' || +- *name == '.')) { ++ * POSIX indicate that usernames are composed of characters from the ++ * portable filename character set [A-Za-z0-9._-], and that the hyphen ++ * should not be used as the first character of a portable user name. ++ * ++ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$ ++ */ ++ if ( ('\0' == *name) ++ || ('-' == *name) ++ || ('~' == *name) ++ || ('+' == *name)) { + return false; + } + +- numeric = isdigit(*name); +- +- while ('\0' != *++name) { +- if (!((*name >= 'a' && *name <= 'z') || +- (*name >= 'A' && *name <= 'Z') || +- (*name >= '0' && *name <= '9') || +- *name == '_' || +- *name == '.' 
|| +- *name == '-' || +- (*name == '$' && name[1] == '\0') +- )) { ++ do { ++ if ((':' == *name) || (',' == *name) || isspace(*name)) { + return false; + } +- numeric &= isdigit(*name); +- } ++ name++; ++ } while ('\0' != *name); + +- return !numeric; ++ return true; + } + + +diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml +index 61a548f..d472bd0 100644 +--- a/man/groupadd.8.xml ++++ b/man/groupadd.8.xml +@@ -71,6 +71,12 @@ + Fully numeric groupnames and groupnames . or .. are + also disallowed. + ++ ++ On Debian, the only constraints are that groupnames must neither start ++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a ++ colon (':'), a comma (','), or a whitespace (space:' ', ++ end of line: '\n', tabulation: '\t', etc.). ++ + + Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 17987a6..4fc95d1 100644 +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -733,7 +733,12 @@ + the ls output. + + +- Usernames may only be up to 256 characters long. ++ On Debian, the only constraints are that usernames must neither start ++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a ++ colon (':'), a comma (','), or a whitespace (space: ' ', ++ end of line: '\n', tabulation: '\t', etc.). Note that using a slash ++ ('/') may break the default algorithm for the definition of the ++ user's home directory. + + + diff --git a/debian/patches/Set-group-and-mode-for-g-shadow-files.patch b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch new file mode 100644 index 0000000..c5e21ac --- /dev/null +++ b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch 
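Review bot: The new loop in `is_valid_name` passes a plain `char` to `isspace`, which is undefined for negative values, and the relaxed rule now admits any byte other than ':', ',' and whitespace, so names containing bytes ≥ 0x80 reach that call; use `isspace((unsigned char) *name)`. The `useradd.8.xml` hunk replaces the sentence about the 256-character maximum instead of adding to it; if the length limit is still enforced elsewhere in chkname.c (outside this hunk) the sentence should stay, and if it is not, the function should gain a bound, since nothing in the new code caps name length. The man text also admits that '/' may break home-directory derivation, which argues for rejecting it in code rather than only documenting it. The patch header of this file is not visible here — the hunk runs straight on from the previous patch's text — so the preamble was not reviewed.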
@@ -0,0 +1,77 @@
+From: Shadow package maintainers
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Set group and mode for [g]shadow files
+
+Set group 'shadow' and mode 0400.
+
+Fixes: #166793
+
+Gbp-Topic: debian
+---
+ lib/commonio.c | 12 ++++++++++++
+ lib/sgroupio.c | 2 +-
+ lib/shadowio.c | 2 +-
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index 01a26c9..72e53b0 100644
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -21,6 +21,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "alloc.h"
+ #include "memzero.h"
+@@ -956,12 +957,23 @@ int commonio_close (struct commonio_db *db)
+ if (errors != 0)
+ goto fail;
+ } else {
++ struct group *grp;
+ /*
+ * Default permissions for new [g]shadow files.
+ */
+ sb.st_mode = db->st_mode;
+ sb.st_uid = db->st_uid;
+ sb.st_gid = db->st_gid;
++
++ /*
++ * Try to retrieve the shadow's GID, and fall back to GID 0.
++ */
++ if (sb.st_gid == 0) {
++ if ((grp = getgrnam("shadow")) != NULL)
++ sb.st_gid = grp->gr_gid;
++ else
++ sb.st_gid = 0;
++ }
+ }
+
+ if (SNPRINTF(buf, "%s+", db->filename) == -1)
+diff --git a/lib/sgroupio.c b/lib/sgroupio.c
+index 0297df4..107b1e5 100644
+--- a/lib/sgroupio.c
++++ b/lib/sgroupio.c
+@@ -209,7 +209,7 @@ static struct commonio_db gshadow_db = {
+ #ifdef WITH_SELINUX
+ NULL, /* scontext */
+ #endif
+- 0400, /* st_mode */
++ 0440, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
+ NULL, /* head */
+diff --git a/lib/shadowio.c b/lib/shadowio.c
+index d2c3b47..53dac0b 100644
+--- a/lib/shadowio.c
++++ b/lib/shadowio.c
+@@ -85,7 +85,7 @@ static struct commonio_db shadow_db = {
+ #ifdef WITH_SELINUX
+ NULL, /* scontext */
+ #endif /* WITH_SELINUX */
+- 0400, /* st_mode */
++ 0440, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
+ NULL, /* head */
diff --git a/debian/patches/ccpw-add-selinux-support.patch b/debian/patches/ccpw-add-selinux-support.patch
new file mode 100644
index 0000000..d64210f
--- /dev/null
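Review bot: The `else sb.st_gid = 0;` branch added to commonio_close is dead code, since that block is only entered when `sb.st_gid == 0` already holds; the whole lookup reduces to `if ((sb.st_gid == 0) && ((grp = getgrnam ("shadow")) != NULL)) sb.st_gid = grp->gr_gid;`. The patch description says "mode 0400" while both the sgroupio.c and shadowio.c hunks change st_mode from 0400 to 0440, so one of the two should be corrected. The gid test does not distinguish the shadow databases from the other commonio users; if passwd_db and group_db also carry st_gid 0 (not visible here) and take the same path for a freshly created file, /etc/passwd and /etc/group would be given group 'shadow' as well, which the comment "Default permissions for new [g]shadow files" does not intend. commonio_close begins and ends outside the hunk.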
+++ b/debian/patches/ccpw-add-selinux-support.patch
@@ -0,0 +1,65 @@
+From: Shadow package maintainers
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: ccpw: add selinux support
+
+Status wrt upstream: cppw is not available upstream.
+Needs to be reviewed by an SE-Linux aware person.
+
+Gbp-Topic: debian
+---
+ src/cppw.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+diff --git a/src/cppw.c b/src/cppw.c
+index beb4c36..2cbbbc0 100644
+--- a/src/cppw.c
++++ b/src/cppw.c
+@@ -34,6 +34,9 @@
+ #include
+ #include
+ #include
++#ifdef WITH_SELINUX
++#include
++#endif /* WITH_SELINUX */
+ #include "exitcodes.h"
+ #include "prototypes.h"
+ #include "pwio.h"
+@@ -139,6 +142,22 @@ static void cppwcopy (const char *file,
+ if (access (file, F_OK) != 0) {
+ cppwexit (file, 1, 1);
+ }
++#ifdef WITH_SELINUX
++ /* if SE Linux is enabled then set the context of all new files
++ * to be the context of the file we are editing */
++ if (is_selinux_enabled () > 0) {
++ security_context_t passwd_context=NULL;
++ int ret = 0;
++ if (getfilecon (file, &passwd_context) < 0) {
++ cppwexit (_("Couldn't get file context"), errno, 1);
++ }
++ ret = setfscreatecon (passwd_context);
++ freecon (passwd_context);
++ if (0 != ret) {
++ cppwexit (_("setfscreatecon () failed"), errno, 1);
++ }
++ }
++#endif /* WITH_SELINUX */
+ if (file_lock () == 0) {
+ cppwexit (_("Couldn't lock file"), 0, 5);
+ }
+@@ -167,6 +186,15 @@ static void cppwcopy (const char *file,
+ cppwexit (NULL,0,1);
+ }
+
++#ifdef WITH_SELINUX
++ /* unset the fscreatecon */
++ if (is_selinux_enabled () > 0) {
++ if (setfscreatecon (NULL)) {
++ cppwexit (_("setfscreatecon() failed"), errno, 1);
++ }
++ }
++#endif /* WITH_SELINUX */
++
+ (*file_unlock) ();
+ }
+
diff --git a/debian/patches/cppw-Add-tool.patch b/debian/patches/cppw-Add-tool.patch
new file mode 100644
index 0000000..a738898
--- /dev/null
+++ b/debian/patches/cppw-Add-tool.patch
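Review bot: The file context is captured with `getfilecon (file, ...)` before `file_lock ()` has succeeded, so the context applied to the new copy is whatever the file carried before the lock was taken; moving the whole SELinux block below the `filelocked = true;` line removes that window at no cost. The two blocks also check return values inconsistently — the first writes `if (0 != ret)`, the second a bare `if (setfscreatecon (NULL))` — and `if (setfscreatecon (NULL) != 0)` would match the file's style. `security_context_t` is a deprecated alias for `char *` in current libselinux, so `char *passwd_context = NULL;` avoids a deprecation warning. cppwcopy's body is only partly visible across the two hunks; the function starts outside the first one.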
@@ -0,0 +1,288 @@ +From: Nicolas FRANCOIS +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: cppw: Add tool + +Gbp-Topic: debian +--- + po/POTFILES.in | 1 + + src/Makefile.am | 2 + + src/cppw.c | 238 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 241 insertions(+) + create mode 100644 src/cppw.c + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 9ff6100..a60c93e 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -86,6 +86,7 @@ src/chfn.c + src/chgpasswd.c + src/chpasswd.c + src/chsh.c ++src/cppw.c + src/expiry.c + src/faillog.c + src/gpasswd.c +diff --git a/src/Makefile.am b/src/Makefile.am +index b6cb09e..c86ba52 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -39,6 +39,7 @@ if WITH_SU + bin_PROGRAMS += su + endif + usbin_PROGRAMS = \ ++ cppw \ + chgpasswd \ + chpasswd \ + groupadd \ +@@ -104,6 +105,7 @@ newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -l + newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl + chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) + chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) ++cppw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) + chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl + expiry_LDADD = $(LDADD) $(LIBECONF) +diff --git a/src/cppw.c b/src/cppw.c +new file mode 100644 +index 0000000..beb4c36 +--- /dev/null ++++ b/src/cppw.c +@@ -0,0 +1,238 @@ ++/* ++ cppw, cpgr copy with locking given file over the password or group file ++ with -s will copy with locking given file over shadow or gshadow file ++ ++ Copyright (C) 1999 Stephen Frost ++ ++ Based on vipw, vigr by: ++ Copyright (C) 1997 Guy Maor ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the 
terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++ ++ */ ++ ++#include ++#include "defines.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "exitcodes.h" ++#include "prototypes.h" ++#include "pwio.h" ++#include "shadowio.h" ++#include "groupio.h" ++#include "sgroupio.h" ++ ++ ++const char *Prog; ++ ++const char *filename, *filenewname; ++static bool filelocked = false; ++static int (*unlock) (void); ++ ++/* local function prototypes */ ++static int create_copy (FILE *fp, const char *dest, struct stat *sb); ++static void cppwexit (const char *msg, int syserr, int ret); ++static void cppwcopy (const char *file, ++ const char *in_file, ++ int (*file_lock) (void), ++ int (*file_unlock) (void)); ++ ++static int create_copy (FILE *fp, const char *dest, struct stat *sb) ++{ ++ struct utimbuf ub; ++ FILE *bkfp; ++ int c; ++ mode_t mask; ++ ++ mask = umask (077); ++ bkfp = fopen (dest, "w"); ++ (void) umask (mask); ++ if (NULL == bkfp) { ++ return -1; ++ } ++ ++ rewind (fp); ++ while ((c = getc (fp)) != EOF) { ++ if (putc (c, bkfp) == EOF) { ++ break; ++ } ++ } ++ ++ if ( (c != EOF) ++ || (fflush (bkfp) != 0)) { ++ (void) fclose (bkfp); ++ (void) unlink (dest); ++ return -1; ++ } ++ if ( (fsync (fileno (bkfp)) != 0) ++ || (fclose (bkfp) != 0)) { ++ (void) unlink (dest); ++ return -1; ++ } ++ ++ ub.actime = sb->st_atime; ++ ub.modtime = sb->st_mtime; ++ if ( (utime 
(dest, &ub) != 0) ++ || (chmod (dest, sb->st_mode) != 0) ++ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) { ++ (void) unlink (dest); ++ return -1; ++ } ++ return 0; ++} ++ ++static void cppwexit (const char *msg, int syserr, int ret) ++{ ++ int err = errno; ++ if (filelocked) { ++ (*unlock) (); ++ } ++ if (NULL != msg) { ++ fprintf (stderr, "%s: %s", Prog, msg); ++ if (0 != syserr) { ++ fprintf (stderr, ": %s", strerror (err)); ++ } ++ (void) fputs ("\n", stderr); ++ } ++ if (NULL != filename) { ++ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename); ++ } else { ++ fprintf (stderr, _("%s: no changes\n"), Prog); ++ } ++ ++ exit (ret); ++} ++ ++static void cppwcopy (const char *file, ++ const char *in_file, ++ int (*file_lock) (void), ++ int (*file_unlock) (void)) ++{ ++ struct stat st1; ++ FILE *f; ++ char filenew[1024]; ++ ++ snprintf (filenew, sizeof filenew, "%s.new", file); ++ unlock = file_unlock; ++ filename = file; ++ filenewname = filenew; ++ ++ if (access (file, F_OK) != 0) { ++ cppwexit (file, 1, 1); ++ } ++ if (file_lock () == 0) { ++ cppwexit (_("Couldn't lock file"), 0, 5); ++ } ++ filelocked = true; ++ ++ /* file to copy has same owners, perm */ ++ if (stat (file, &st1) != 0) { ++ cppwexit (file, 1, 1); ++ } ++ f = fopen (in_file, "r"); ++ if (NULL == f) { ++ cppwexit (in_file, 1, 1); ++ } ++ if (create_copy (f, filenew, &st1) != 0) { ++ cppwexit (_("Couldn't make copy"), errno, 1); ++ } ++ ++ /* XXX - here we should check filenew for errors; if there are any, ++ * fail w/ an appropriate error code and let the user manually fix ++ * it. Use pwck or grpck to do the check. 
- Stephen (Shamelessly ++ * stolen from '--marekm's comment) */ ++ ++ if (rename (filenew, file) != 0) { ++ fprintf (stderr, _("%s: can't copy %s: %s)\n"), ++ Prog, filenew, strerror (errno)); ++ cppwexit (NULL,0,1); ++ } ++ ++ (*file_unlock) (); ++} ++ ++int main (int argc, char **argv) ++{ ++ int flag; ++ bool cpshadow = false; ++ char *in_file; ++ int e = E_USAGE; ++ bool do_cppw = true; ++ ++ (void) setlocale (LC_ALL, ""); ++ (void) bindtextdomain (PACKAGE, LOCALEDIR); ++ (void) textdomain (PACKAGE); ++ ++ Prog = Basename (argv[0]); ++ if (strcmp (Prog, "cpgr") == 0) { ++ do_cppw = false; ++ } ++ ++ while ((flag = getopt (argc, argv, "ghps")) != EOF) { ++ switch (flag) { ++ case 'p': ++ do_cppw = true; ++ break; ++ case 'g': ++ do_cppw = false; ++ break; ++ case 's': ++ cpshadow = true; ++ break; ++ case 'h': ++ e = E_SUCCESS; ++ /*pass through*/ ++ default: ++ (void) fputs (_("Usage:\n\ ++`cppw ' copys over /etc/passwd `cppw -s ' copys over /etc/shadow\n\ ++`cpgr ' copys over /etc/group `cpgr -s ' copys over /etc/gshadow\n\ ++"), (E_SUCCESS != e) ? stderr : stdout); ++ exit (e); ++ } ++ } ++ ++ if (argc != optind + 1) { ++ cppwexit (_("wrong number of arguments, -h for usage"),0,1); ++ } ++ ++ in_file = argv[optind]; ++ ++ if (do_cppw) { ++ if (cpshadow) { ++ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock); ++ } else { ++ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock); ++ } ++ } else { ++#ifdef SHADOWGRP ++ if (cpshadow) { ++ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock); ++ } else ++#endif /* SHADOWGRP */ ++ { ++ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock); ++ } ++ } ++ ++ return 0; ++} ++ diff --git a/debian/patches/series b/debian/patches/series index ba058e0..d4bee87 100644 --- a/debian/patches/series +++ b/debian/patches/series 
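Review bot: create_copy treats a read error on the source as success: the copy loop ends whenever getc returns EOF, and the check `if ((c != EOF) || (fflush (bkfp) != 0))` only detects a failed putc, so a short read of in_file would be fsync'd and then rename(2)d over /etc/passwd or /etc/shadow, truncating the account database. Adding the stream error flag closes this: `if ((c != EOF) || (ferror (fp) != 0) || (fflush (bkfp) != 0)) {`. Two smaller points in cppwcopy: the `FILE *f` opened on in_file is never fclosed, and the `snprintf (filenew, sizeof filenew, "%s.new", file)` result is not checked for truncation — harmless with the fixed paths passed from main, but a one-line comment saying so would help the next reader.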
@@ -1,23 +1,9 @@
-# CVE-2023-4641
-0001-gpasswd-1-Fix-password-leak.patch
-
-# CVE-2023-29383
-0002-Added-control-character-check.patch
-0003-Overhaul-valid_field.patch
-
-# These patches are only for the testsuite:
-#900_testsuite_groupmems
-#901_testsuite_gcov
-
-008_login_log_failure_in_FTMP
-401_cppw_src.dpatch
-# 402 should be merged in 401, but should be reviewed by SE Linux experts first
-402_cppw_selinux
-429_login_FAILLOG_ENAB
-463_login_delay_obeys_to_PAM
-501_commonio_group_shadow
-502_debian_useradd_defaults
-503_shadowconfig.8
-505_useradd_recommend_adduser
-506_relaxed_usernames
-542_useradd-O_option
+cppw-Add-tool.patch
+ccpw-add-selinux-support.patch
+Let-pam_unix-handle-login-failure-delays.patch
+Set-group-and-mode-for-g-shadow-files.patch
+Keep-using-Debian-adduser-defaults.patch
+Document-the-shadowconfig-utility.patch
+Recommend-using-adduser-and-deluser.patch
+Relax-usernames-groupnames-checking.patch
+useradd-accept-the-O-flag-for-backward-compatibility.patch
diff --git a/debian/patches/useradd-accept-the-O-flag-for-backward-compatibility.patch b/debian/patches/useradd-accept-the-O-flag-for-backward-compatibility.patch
new file mode 100644
index 0000000..74b41c8
--- /dev/null
+++ b/debian/patches/useradd-accept-the-O-flag-for-backward-compatibility.patch
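Review bot: The new series drops 0001-gpasswd-1-Fix-password-leak.patch (CVE-2023-4641) and 0002/0003 (CVE-2023-29383) without a successor; that is presumably because the 4.15.2 upstream release already contains those fixes, but nothing in this hunk shows it, so the changelog entry should state that they were verified to be included upstream before the patches were removed. 008_login_log_failure_in_FTMP and 429_login_FAILLOG_ENAB likewise have no counterpart in the new list, so either the behaviour they provided is now upstream or it is being dropped, and the packaging notes should say which.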
@@ -0,0 +1,52 @@ +From: Shadow package maintainers +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: useradd: accept the -O flag for backward compatibility + +Note: useradd.8 needs to be regenerated. + +Status wrt upstream: not included as this is just specific + backward compatibility for Debian + +Gbp-Topic: debian +--- + man/useradd.8.xml | 5 +++++ + src/useradd.c | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 4fc95d1..c513e56 100644 +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -333,6 +333,11 @@ + =100   + UID_MAX=499 + ++ ++ For the compatibility with previous Debian's ++ useradd, the option is ++ also supported. ++ +