-rw-r--r-- | system/shadow/APKBUILD | 64 | ||||
-rw-r--r-- | system/shadow/support-m4-dirs.patch | 9 | ||||
-rw-r--r-- | system/shadow/utmpx.patch | 206 |
3 files changed, 249 insertions, 30 deletions
diff --git a/system/shadow/APKBUILD b/system/shadow/APKBUILD index 13dc98d7a..6b8723bf6 100644 --- a/system/shadow/APKBUILD +++ b/system/shadow/APKBUILD @@ -1,21 +1,24 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> # Contributor: Jakub Jirutka <jakub@jirutka.cz> -# Maintainer: Stuart Cardall <developer@it-offshore.co.uk> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=shadow -pkgver=4.5 +pkgver=4.6 pkgrel=0 -pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)" -url="http://pkg-shadow.alioth.debian.org/" +pkgdesc="Login and password management utilities" +url="https://github.com/shadow-maint/shadow" arch="all" -license="GPL" +options="suid" +license="BSD-3-Clause OR Artistic-1.0-Perl" depends="" -makedepends="linux-pam-dev" -subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap" +makedepends="linux-pam-dev autoconf automake" +subpackages="$pkgname-doc $pkgname-dbg $pkgname-lang $pkgname-uidmap" source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz login.pamd dots-in-usernames.patch useradd-usergroups.patch pam-useradd.patch + utmpx.patch + support-m4-dirs.patch " # secfixes: # 4.5-r0: @@ -25,13 +28,16 @@ source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow- # 4.2.1-r7: # - CVE-2016-6252 -options="suid" -builddir="$srcdir/shadow-$pkgver" +prepare() { + cd "$builddir" + default_prepare + autoreconf -v -f --install +} build() { cd "$builddir" - ./configure \ + LIBS="-lutmps -lskarnet" ./configure \ --build=$CBUILD \ --host=$CHOST \ --target=$CTARGET \ @@ -40,7 +46,7 @@ build() { --mandir=/usr/share/man \ --infodir=/usr/share/info \ --localstatedir=/var \ - --disable-nls \ + --enable-utmpx \ --with-libpam \ --without-audit \ --without-selinux \ @@ -48,9 +54,8 @@ build() { --without-attr \ --without-tcb \ --without-nscd \ - --without-group-name-max-length \ - || return 1 - make || return 1 + --without-group-name-max-length + make } check() { 
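Review bot: The libraries the new build links against are not declared as build dependencies: `makedepends` in the first hunk gains only `autoconf automake`, while the build() hunk now runs configure with `LIBS="-lutmps -lskarnet"`. Unless the build environment always provides them, the development packages that supply libutmps and libskarnet should be listed explicitly (presumably `utmps-dev` and `skalibs-dev`; confirm the names in this tree), so a clean build root neither fails at link time nor links whatever copy happens to be installed. The same question applies to anything `autoreconf -v -f --install` needs for NLS, now that `--disable-nls` is dropped and a `-lang` subpackage is added. The `# secfixes:` comment still ends at `4.5-r0`; if the 4.6 release carries security fixes, record them there so the advisory metadata matches the version bump.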
@@ -61,23 +66,23 @@ check() { package() { cd "$builddir" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install # Do not install these pam.d files they are broken and outdated. - rm "$pkgdir"/etc/pam.d/* || return 1 + rm "$pkgdir"/etc/pam.d/* # install some pam.d files based on a patched useradd for pamf in groupadd groupdel groupmems groupmod \ useradd userdel usermod do install -m0644 etc/pam.d/useradd \ - "$pkgdir/etc/pam.d/$pamf" || return 1 + "$pkgdir/etc/pam.d/$pamf" done # nologin is provided by util-linux. - rm "$pkgdir"/sbin/nologin || return 1 + rm "$pkgdir"/sbin/nologin # However, install our own for login. - cp "$srcdir"/login.pamd "$pkgdir"/etc/pam.d/login || return 1 + cp "$srcdir"/login.pamd "$pkgdir"/etc/pam.d/login # /etc/login.defs is not very useful - replace it with an *almost* blank file. rm "$pkgdir"/etc/login.defs 
@@ -85,26 +90,25 @@ package() { # Avoid conflict with man-pages. rm "$pkgdir"/usr/share/man/man3/getspnam.3* \ - "$pkgdir"/usr/share/man/man5/passwd.5* || return 1 + "$pkgdir"/usr/share/man/man5/passwd.5* } uidmap() { pkgdesc="Utilities for using subordinate UIDs and GIDs" - mkdir -p "$subpkgdir" - cd "$subpkgdir" - - mkdir -p usr/bin - mv "$pkgdir"/usr/bin/new*idmap usr/bin/ || return 1 - chmod 4711 usr/bin/new*idmap || return 1 + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/new*idmap "$subpkgdir"/usr/bin/ + chmod 4711 "$subpkgdir"/usr/bin/new*idmap # Used e.g. for unprivileged LXC containers. - mkdir etc - touch etc/subuid etc/subgid + mkdir "$subpkgdir"/etc + touch "$subpkgdir"/etc/subuid "$subpkgdir"/etc/subgid } -sha512sums="e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5 shadow-4.5.tar.xz +sha512sums="e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631 shadow-4.6.tar.xz 46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd 745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-usernames.patch 49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56 useradd-usergroups.patch -0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1 pam-useradd.patch" +0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1 pam-useradd.patch +0ae5df1a287b8fa07fa9b9061dd3d5e6198527a6d9e9d4a9e2885f7a3884d1935e56856e25f1c092475aa31cee31b11d3bc7f9efe0347b0811ae53a805b2f26e utmpx.patch 
+ec0ef7038b385954b7e47b0414839d30c99edcc96863a06a8e90f04bcc943c6c30274fc382f15ca74ceca57bef36c90feae6e7d363ed8c6408ae4f2bf938dacb support-m4-dirs.patch" diff --git a/system/shadow/support-m4-dirs.patch b/system/shadow/support-m4-dirs.patch new file mode 100644 index 000000000..6a2d34198 --- /dev/null +++ b/system/shadow/support-m4-dirs.patch @@ -0,0 +1,9 @@ +--- shadow-4.6/configure.ac.old 2018-06-23 22:09:31.067117872 -0500 ++++ shadow-4.6/configure.ac 2018-06-23 22:13:44.496866959 -0500 +@@ -1,5 +1,6 @@ + dnl Process this file with autoconf to produce a configure script. + AC_PREREQ([2.64]) ++AC_CONFIG_MACRO_DIR([m4]) + AC_INIT([shadow], [4.6], [pkg-shadow-devel@lists.alioth.debian.org], [], + [https://github.com/shadow-maint/shadow]) + AM_INIT_AUTOMAKE([1.11 foreign dist-xz]) diff --git a/system/shadow/utmpx.patch b/system/shadow/utmpx.patch new file mode 100644 index 000000000..d2ba0d4ec --- /dev/null +++ b/system/shadow/utmpx.patch 
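Review bot: In uidmap(), `chmod 4711 "$subpkgdir"/usr/bin/new*idmap` sets the setuid bit on whatever the glob matches rather than on a fixed list of binaries. Since this package ships setuid helpers (`options="suid"`), naming the files keeps the privileged set auditable and makes the build fail if upstream renames or adds one: `chmod 4711 "$subpkgdir"/usr/bin/newuidmap "$subpkgdir"/usr/bin/newgidmap`. The same explicit names could be used in the preceding `mv`.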
@@ -0,0 +1,206 @@ +diff --git a/configure.ac b/configure.ac +index 41068a5d..6bc88cfd 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -74,12 +74,6 @@ AC_CHECK_MEMBERS([struct utmp.ut_type, + struct utmp.ut_time, + struct utmp.ut_xtime, + struct utmp.ut_tv],,,[[#include <utmp.h>]]) +-dnl There are dependencies: +-dnl If UTMPX has to be used, the utmp structure shall have a ut_id field. +-if test "$ac_cv_header_utmpx_h" = "yes" && +- test "$ac_cv_member_struct_utmp_ut_id" != "yes"; then +- AC_MSG_ERROR(Systems with UTMPX and no ut_id field in the utmp structure are not supported) +-fi + + AC_CHECK_MEMBERS([struct utmpx.ut_name, + struct utmpx.ut_host, +diff --git a/lib/prototypes.h b/lib/prototypes.h +index b7d48881..d9e7f6f4 100644 +--- a/lib/prototypes.h ++++ b/lib/prototypes.h +@@ -416,17 +416,19 @@ extern int set_filesize_limit (int blocks); + extern int user_busy (const char *name, uid_t uid); + + /* utmp.c */ ++#ifndef USE_UTMPX + extern /*@null@*/struct utmp *get_current_utmp (void); + extern struct utmp *prepare_utmp (const char *name, + const char *line, + const char *host, + /*@null@*/const struct utmp *ut); + extern int setutmp (struct utmp *ut); +-#ifdef USE_UTMPX ++#else ++extern /*@null@*/struct utmpx *get_current_utmp (void); + extern struct utmpx *prepare_utmpx (const char *name, + const char *line, + const char *host, +- /*@null@*/const struct utmp *ut); ++ /*@null@*/const struct utmpx *ut); + extern int setutmpx (struct utmpx *utx); + #endif /* USE_UTMPX */ + +diff --git a/libmisc/utmp.c b/libmisc/utmp.c +index f5614a22..ba69cf61 100644 +--- a/libmisc/utmp.c ++++ b/libmisc/utmp.c +@@ -35,10 +35,10 @@ + #include "defines.h" + #include "prototypes.h" + +-#include <utmp.h> +- + #ifdef USE_UTMPX + #include <utmpx.h> ++#else ++#include <utmp.h> + #endif + + #include <assert.h> +@@ -97,6 +97,7 @@ static bool is_my_tty (const char *tty) + * + * Return NULL if no entries exist in utmp for the current process. 
+ */ ++#ifndef USE_UTMPX + /*@null@*/ /*@only@*/struct utmp *get_current_utmp (void) + { + struct utmp *ut; +@@ -130,6 +131,36 @@ static bool is_my_tty (const char *tty) + + return ret; + } ++#else ++/*@null@*/ /*@only*/struct utmpx *get_current_utmp(void) ++{ ++ struct utmpx *ut; ++ struct utmpx *ret = NULL; ++ ++ setutxent (); ++ ++ /* Find the utmpx entry for this PID. */ ++ while ((ut = getutxent ()) != NULL) { ++ if ( (ut->ut_pid == getpid ()) ++ && ('\0' != ut->ut_id[0]) ++ && ( (LOGIN_PROCESS == ut->ut_type) ++ || (USER_PROCESS == ut->ut_type)) ++ && is_my_tty (ut->ut_line)) { ++ break; ++ } ++ } ++ ++ if (NULL != ut) { ++ ret = (struct utmpx *) xmalloc (sizeof (*ret)); ++ memcpy (ret, ut, sizeof (*ret)); ++ } ++ ++ endutxent (); ++ ++ return ret; ++} ++#endif ++ + + #ifndef USE_PAM + /* +@@ -166,6 +197,7 @@ static void updwtmpx (const char *filename, const struct utmpx *utx) + #endif /* ! USE_PAM */ + + ++#ifndef USE_UTMPX + /* + * prepare_utmp - prepare an utmp entry so that it can be logged in a + * utmp/wtmp file. 
+@@ -325,14 +357,14 @@ int setutmp (struct utmp *ut) + return err; + } + +-#ifdef USE_UTMPX ++#else + /* + * prepare_utmpx - the UTMPX version for prepare_utmp + */ + /*@only@*/struct utmpx *prepare_utmpx (const char *name, + const char *line, + const char *host, +- /*@null@*/const struct utmp *ut) ++ /*@null@*/const struct utmpx *ut) + { + struct timeval tv; + char *hostname = NULL; +@@ -398,7 +430,7 @@ int setutmp (struct utmp *ut) + struct sockaddr_in *sa = + (struct sockaddr_in *) info->ai_addr; + #ifdef HAVE_STRUCT_UTMPX_UT_ADDR +- memcpy (utxent->ut_addr, ++ memcpy (&utxent->ut_addr, + &(sa->sin_addr), + MIN (sizeof (utxent->ut_addr), + sizeof (sa->sin_addr))); +diff --git a/src/login.c b/src/login.c +index e287cb0b..7677adf1 100644 +--- a/src/login.c ++++ b/src/login.c +@@ -129,7 +129,12 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use + static void update_utmp (const char *user, + const char *tty, + const char *host, +- /*@null@*/const struct utmp *utent); ++#ifdef USE_UTMPX ++ /*@null@*/const struct utmpx *utent ++#else ++ /*@null@*/const struct utmp *utent ++#endif ++ ); + + #ifndef USE_PAM + static struct faillog faillog; +@@ -481,17 +486,23 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use + static void update_utmp (const char *user, + const char *tty, + const char *host, +- /*@null@*/const struct utmp *utent) ++#ifdef USE_UTMPX ++ /*@null@*/const struct utmpx *utent ++#else ++ /*@null@*/const struct utmp *utent ++#endif ++ ) + { +- struct utmp *ut = prepare_utmp (user, tty, host, utent); + #ifdef USE_UTMPX + struct utmpx *utx = prepare_utmpx (user, tty, host, utent); ++#else ++ struct utmp *ut = prepare_utmp (user, tty, host, utent); + #endif /* USE_UTMPX */ + ++#ifndef USE_UTMPX + (void) setutmp (ut); /* make entry in the utmp & wtmp files */ + free (ut); +- +-#ifdef USE_UTMPX ++#else + (void) setutmpx (utx); /* make entry in the utmpx & wtmpx files */ + free (utx); + #endif /* 
USE_UTMPX */ +@@ -539,7 +550,11 @@ int main (int argc, char **argv) + struct passwd *pwd = NULL; + char **envp = environ; + const char *failent_user; ++#ifdef USE_UTMPX ++ /*@null@*/struct utmpx *utent; ++#else + /*@null@*/struct utmp *utent; ++#endif + + #ifdef USE_PAM + int retcode; +@@ -681,7 +696,7 @@ int main (int argc, char **argv) + + if (rflg || hflg) { + cp = hostname; +-#ifdef HAVE_STRUCT_UTMP_UT_HOST ++#if defined(HAVE_STRUCT_UTMP_UT_HOST) || defined(USE_UTMPX) + } else if ((NULL != utent) && ('\0' != utent->ut_host[0])) { + cp = utent->ut_host; + #endif /* HAVE_STRUCT_UTMP_UT_HOST */ |
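Review bot: The new utmpx `get_current_utmp()` in libmisc/utmp.c passes `ut->ut_line` straight to `is_my_tty (const char *tty)`, and the widened `#if` in src/login.c assigns `cp = utent->ut_host`; both are fixed-size `struct utmpx` arrays that are not guaranteed to be NUL-terminated when full. If either consumer treats the pointer as a C string (is_my_tty's body and the later uses of `cp` are outside this patch, so this needs confirming), a full-length record read from the utmpx database could be over-read. Copying into a local buffer first avoids that, e.g. `char line[sizeof (ut->ut_line) + 1];` followed by `memcpy (line, ut->ut_line, sizeof (ut->ut_line)); line[sizeof (ut->ut_line)] = '\0';`. Separately, the annotation on the new function reads `/*@only*/`; it is missing the closing `@` and should be `/*@only@*/` to match the other declarations.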