diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2006-03-17 01:17:16 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2006-03-17 01:17:16 +0000 |
| commit | 045570027820c4636c382ec811197c7cdcfda8eb (patch) | |
| tree | c3343b66d3ac7098ad5c13e3727c04db837b7fef /sys-apps/shadow | |
| parent | Revision bump. Some general ebuild cleanup, depend on newer dante to remove o... (diff) | |
| download | gentoo-2-045570027820c4636c382ec811197c7cdcfda8eb.tar.gz gentoo-2-045570027820c4636c382ec811197c7cdcfda8eb.tar.bz2 gentoo-2-045570027820c4636c382ec811197c7cdcfda8eb.zip | |
Fix from upstream for bogus userdel warning #126432 by Gabriel Lavoie.
(Portage version: 2.1_pre6-r3)
Diffstat (limited to 'sys-apps/shadow')
| -rw-r--r-- | sys-apps/shadow/ChangeLog | 8 | ||||
| -rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.14-r3 | 3 | ||||
| -rw-r--r-- | sys-apps/shadow/files/shadow-4.0.14-userdel-group-remove.patch | 123 | ||||
| -rw-r--r-- | sys-apps/shadow/shadow-4.0.14-r3.ebuild | 264 |
4 files changed, 397 insertions, 1 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog index df01312da56f..efc30dbbf329 100644 --- a/sys-apps/shadow/ChangeLog +++ b/sys-apps/shadow/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-apps/shadow # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.133 2006/03/14 22:52:01 exg Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.134 2006/03/17 01:17:16 vapier Exp $ + +*shadow-4.0.14-r3 (17 Mar 2006) + + 17 Mar 2006; Mike Frysinger <vapier@gentoo.org> + +files/shadow-4.0.14-userdel-group-remove.patch, +shadow-4.0.14-r3.ebuild: + Fix from upstream for bogus userdel warning #126432 by Gabriel Lavoie. 14 Mar 2006; Emanuele Giaquinta <exg@gentoo.org> shadow-4.0.14-r1.ebuild: Stable on ppc; bug #125419 diff --git a/sys-apps/shadow/files/digest-shadow-4.0.14-r3 b/sys-apps/shadow/files/digest-shadow-4.0.14-r3 new file mode 100644 index 000000000000..ac9830b87acc --- /dev/null +++ b/sys-apps/shadow/files/digest-shadow-4.0.14-r3 @@ -0,0 +1,3 @@ +MD5 903f55cf05bbe082617d3337743792fb shadow-4.0.14.tar.bz2 1246902 +RMD160 555bb154ba73b9e322ddd17517a77470cdfb7902 shadow-4.0.14.tar.bz2 1246902 +SHA256 e9beb4edf8689f94c32e9a8f53d1c6c542ef1a5678e8037d4c452c53dfbeb0ae shadow-4.0.14.tar.bz2 1246902 diff --git a/sys-apps/shadow/files/shadow-4.0.14-userdel-group-remove.patch b/sys-apps/shadow/files/shadow-4.0.14-userdel-group-remove.patch new file mode 100644 index 000000000000..1e51eed4b526 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.14-userdel-group-remove.patch @@ -0,0 +1,123 @@ +http://bugs.gentoo.org/126432 + +---------------------------- +revision 1.61 +date: 2006/02/07 20:19:46; author: kloczek; state: Exp; lines: +1 -70 +user's group is already removed by update_groups(). remove_group() +is not needed (bug introduced in 4.0.14 on merge FC fixes). Fixed by Nicolas +François <nicolas.francois@centraliens.net> +============================================================================= + +Index: src/userdel.c +=================================================================== +RCS file: /cvsroot/shadow/src/userdel.c,v +retrieving revision 1.60 +retrieving revision 1.61 +diff -u -p -r1.60 -r1.61 +--- src/userdel.c 7 Feb 2006 16:39:41 -0000 1.60 ++++ src/userdel.c 7 Feb 2006 20:19:46 -0000 1.61 +@@ -66,9 +66,7 @@ + #define E_HOMEDIR 12 /* can't remove home directory */ + static char *user_name; + static uid_t user_id; +-static gid_t user_gid; + static char *user_home; +-static char *user_group; + + static char *Prog; + static int fflg = 0, rflg = 0; +@@ -265,65 +263,6 @@ static void update_groups (void) + } + + /* +- * remove_group - remove the user's group unless it is not really a user-private group +- */ +-static void remove_group () +-{ +- char *glist_name; +- struct group *gr; +- struct passwd *pwd; +- +- if (user_group == NULL || user_name == NULL) +- return; +- +- if (strcmp (user_name, user_group)) { +- return; +- } +- +- glist_name = NULL; +- gr = getgrnam (user_group); +- if (gr) +- glist_name = *(gr->gr_mem); +- while (glist_name) { +- while (glist_name && *glist_name) { +- if (strncmp (glist_name, user_name, 16)) { +- return; +- } +- glist_name++; +- } +- } +- +- setpwent (); +- while ((pwd = getpwent ())) { +- if (strcmp (pwd->pw_name, user_name) == 0) +- continue; +- +- if (pwd->pw_gid == user_gid) { +- return; +- } +- } +- +- /* now actually do the removal if we haven't already returned */ +- +- if (!gr_remove (user_group)) { +- fprintf (stderr, _("%s: error removing group entry\n"), Prog); +- } +-#ifdef SHADOWGRP +- +- /* +- * Delete the shadow group entries as well. +- */ +- +- if (is_shadow_grp && !sgr_remove (user_group)) { +- fprintf (stderr, _("%s: error removing shadow group entry\n"), +- Prog); +- } +-#endif /* SHADOWGRP */ +- SYSLOG ((LOG_INFO, "remove group `%s'\n", user_group)); +- return; +-} +- +-/* + * close_files - close all of the files that were opened + * + * close_files() closes all of the files that were opened for this +@@ -652,7 +591,6 @@ static void remove_mailbox (void) + int main (int argc, char **argv) + { + struct passwd *pwd; +- struct group *grp; + int arg; + int errors = 0; + +@@ -760,10 +698,6 @@ int main (int argc, char **argv) + #endif + user_id = pwd->pw_uid; + user_home = xstrdup (pwd->pw_dir); +- user_gid = pwd->pw_gid; +- grp = getgrgid (user_gid); +- if (grp) +- user_group = xstrdup (grp->gr_name); + /* + * Check to make certain the user isn't logged in. + */ +@@ -817,9 +751,6 @@ int main (int argc, char **argv) + } + #endif + +- /* Remove the user's group if appropriate. */ +- remove_group (); +- + if (rflg) { + if (remove_tree (user_home) + || rmdir (user_home)) { diff --git a/sys-apps/shadow/shadow-4.0.14-r3.ebuild b/sys-apps/shadow/shadow-4.0.14-r3.ebuild new file mode 100644 index 000000000000..2974b76aee43 --- /dev/null +++ b/sys-apps/shadow/shadow-4.0.14-r3.ebuild @@ -0,0 +1,264 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.14-r3.ebuild,v 1.1 2006/03/17 01:17:16 vapier Exp $ + +inherit eutils libtool toolchain-funcs flag-o-matic autotools pam + +# We should remove this login after pam-0.78 goes stable. +FORCE_SYSTEMAUTH_UPDATE="no" + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="http://shadow.pld.org.pl/" +SRC_URI="ftp://ftp.pld.org.pl/software/${PN}/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="nls pam selinux skey nousuid" + +RDEPEND=">=sys-libs/cracklib-2.7-r3 + pam? ( virtual/pam ) + !sys-apps/pam-login + skey? ( app-admin/skey ) + selinux? ( >=sys-libs/libselinux-1.28 ) + nls? ( virtual/libintl )" +DEPEND="${RDEPEND} + >=sys-apps/portage-2.0.51-r2 + nls? ( sys-devel/gettext )" + +src_unpack() { + unpack ${A} + cd "${S}" + + # uclibc support, corrects NIS usage + epatch "${FILESDIR}"/${PN}-4.0.13-nonis.patch + + # If su should not simulate a login shell, use '/bin/sh' as shell to enable + # running of commands as user with /bin/false as shell, closing bug #15015. + # *** This one could be a security hole; disable for now *** + #epatch "${FILESDIR}"/${P}-nologin-run-sh.patch + + # don't install manpages if USE=-nls + epatch "${FILESDIR}"/${PN}-4.0.14-nls-manpages.patch + + # tweak the default login.defs + epatch "${FILESDIR}"/${PN}-4.0.13-login.defs.patch + + # skeychallenge call needs updating #69741 + epatch "${FILESDIR}"/shadow-4.0.5-skey.patch + + # Make user/group names more flexible #3485 / #22920 + epatch "${FILESDIR}"/${PN}-4.0.13-dots-in-usernames.patch + epatch "${FILESDIR}"/${PN}-4.0.13-long-groupnames.patch + + # Fix compiling with gcc-2.95.x + epatch "${FILESDIR}"/${PN}-4.0.12-gcc2.patch + + # Patch from upstream enables the new environment too early for PAM + epatch "${FILESDIR}"/${PN}-4.0.14-su-fix-environment.patch + + # Patch from upstream fixes `su -c ls` #118342 + epatch "${FILESDIR}"/${P}-su-cvs.patch + + # Fix from upstream for `userdel foo` #126432 + epatch "${FILESDIR}"/${PN}-4.0.14-userdel-group-remove.patch + + # Some UCLIBC patches + epatch "${FILESDIR}"/${PN}-4.0.11.1-uclibc-missing-l64a.patch + + # lock down setuid perms #47208 + epatch "${FILESDIR}"/${PN}-4.0.11.1-perms.patch + + # Needed by the UCLIBC patches + eautoconf || die + + elibtoolize + epunt_cxx +} + +src_compile() { + append-ldflags $(bindnow-flags) + tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes + econf \ + --disable-desrpc \ + --with-libcrypt \ + --with-libcrack \ + --enable-shared=no \ + --enable-static=yes \ + $(use_with pam libpam) \ + $(use_with skey) \ + $(use_with selinux) \ + $(use_enable nls) \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + local perms=4711 + use nousuid && perms=711 + make DESTDIR=${D} suiduperms=${perms} install || die "install problem" + dosym useradd /usr/sbin/adduser + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} + + insinto /etc + # Using a securetty with devfs device names added + # (compat names kept for non-devfs compatibility) + insopts -m0600 ; doins "${FILESDIR}"/securetty + if ! use pam; then + insopts -m0600 + doins etc/login.access etc/limits + else + newpamd "${FILESDIR}/login.pamd" login + use selinux || sed -i -e '/@selinux@/d' ${D}/etc/pam.d/login + use selinux && sed -i -e 's:@selinux@::g' ${D}/etc/pam.d/login + + insinto /etc + insopts -m0644 + newins "${FILESDIR}/login.defs" login.defs + + # Also install another one that we can use to check if + # we need to update it if FORCE_LOGIN_DEFS = "yes" + [ "${FORCE_LOGIN_DEFS}" = "yes" ] \ + && newins "${FILESDIR}/login.defs" login.defs.new + fi + # Output arch-specific cruft + case $(tc-arch) in + ppc*) echo "hvc0" >> "${D}"/etc/securetty + echo "hvsi0" >> "${D}"/etc/securetty;; + hppa) echo "ttyB0" >> "${D}"/etc/securetty;; + arm) echo "ttyFB0" >> "${D}"/etc/securetty;; + esac + + # needed for 'adduser -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + # move passwd to / to help recover broke systems #64441 + mv "${D}"/usr/bin/passwd "${D}"/bin/ + dosym /bin/passwd /usr/bin/passwd + + if use pam ; then + local INSTALL_SYSTEM_PAMD="yes" + + # Do not install below pam.d files if we have pam-0.78 or later + portageq has_version / '>=sys-libs/pam-0.78' && \ + INSTALL_SYSTEM_PAMD="no" + + for x in "${FILESDIR}"/pam.d-include/*; do + case "${x##*/}" in + "login") + # We do no longer install this one, as its from + # pam-login now. + ;; + "system-auth"|"system-auth-1.1"|"other") + # These we only install if we do not have pam-0.78 + # or later. + [ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \ + dopamd ${x} + ;; + "su") + # Disable support for pam_env and pam_wheel on openpam + has_version sys-libs/pam && dopamd ${x} + ;; + "su-openpam") + has_version sys-libs/openpam && newpamd ${x} su + ;; + *) + [ -f ${x} ] && dopamd ${x} + ;; + esac + done + for x in chage chsh chfn chpasswd newusers \ + user{add,del,mod} group{add,del,mod} ; do + newpamd "${FILESDIR}"/pam.d-include/shadow ${x} + done + + # Only add this one if needed. + if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then + newpamd "${FILESDIR}"/pam.d-include/system-auth-1.1 system-auth.new || \ + die "Failed to install system-auth.new!" + fi + + # remove manpages that pam will install for us + # and/or don't apply when using pam + + find "${D}"/usr/share/man \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -exec rm {} \; + else + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + fi + + # Remove manpages that are handled by other packages + find "${D}"/usr/share/man \ + '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ + -exec rm {} \; + + cd "${S}" + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc + dodoc HOWTO LSM README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${ROOT}"/etc/pam.d/system-auth.new \ + "${ROOT}/etc/login.defs.new" +} + +pkg_postinst() { + use pam || return 0 + + if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then + local CHECK1=$(md5sum "${ROOT}"/etc/pam.d/system-auth | cut -d ' ' -f 1) + local CHECK2=$(md5sum "${ROOT}"/etc/pam.d/system-auth.new | cut -d ' ' -f 1) + + if [ "${CHECK1}" != "${CHECK2}" ]; then + ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth " + ewarn "is being updated automatically. Your old " + ewarn "system-auth will be backed up as:" + ewarn + ewarn " ${ROOT}etc/pam.d/system-auth.bak" + echo + + cp -pPR "${ROOT}"/etc/pam.d/system-auth \ + "${ROOT}"/etc/pam.d/system-auth.bak; + mv -f "${ROOT}"/etc/pam.d/system-auth.new \ + "${ROOT}"/etc/pam.d/system-auth + rm -f "${ROOT}"/etc/pam.d/._cfg????_system-auth + else + rm -f "${ROOT}"/etc/pam.d/system-auth.new + fi + fi + + [ "${FORCE_LOGIN_DEFS}" != "yes" ] && return 0 + + ewarn "Due to a compatibility issue, ${ROOT}etc/login.defs " + ewarn "is being updated automatically. Your old login.defs" + ewarn "will be backed up as: ${ROOT}etc/login.defs.bak" + echo + + local CHECK1="`md5sum ${ROOT}/etc/login.defs | cut -d ' ' -f 1`" + local CHECK2="`md5sum ${ROOT}/etc/login.defs.new | cut -d ' ' -f 1`" + + if [ "${CHECK1}" != "${CHECK2}" ] + then + cp -pPR ${ROOT}/etc/login.defs ${ROOT}/etc/login.defs.bak + mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs + elif [ ! -f ${ROOT}/etc/login.defs ] + then + mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs + else + rm -f ${ROOT}/etc/login.defs.new + fi +} + |