[arch-commits] Commit in shadow/trunk (3 files)
Dave Reisner
dreisner at archlinux.org
Mon Feb 13 21:55:51 UTC 2012
Date: Monday, February 13, 2012 @ 16:55:51
Author: dreisner
Revision: 150163
upgpkg: shadow 4.1.5-1
- remove CVE patch
- refactor remaining patches
- add source gpg .sig
- build static libmisc (avoids build breakage)
- assorted PKGBUILD cleanup
Modified:
shadow/trunk/PKGBUILD
shadow/trunk/shadow-strncpy-usage.patch
Deleted:
shadow/trunk/shadow_CVE-2011-0721.patch
----------------------------+
PKGBUILD | 74 +++++++++++++++++++++++--------------------
shadow-strncpy-usage.patch | 36 +++++++++-----------
shadow_CVE-2011-0721.patch | 57 ---------------------------------
3 files changed, 57 insertions(+), 110 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2012-02-13 21:03:16 UTC (rev 150162)
+++ PKGBUILD 2012-02-13 21:55:51 UTC (rev 150163)
@@ -3,8 +3,8 @@
# Maintainer: Aaron Griffin <aaron at archlinux.org>
pkgname=shadow
-pkgver=4.1.4.3
-pkgrel=5
+pkgver=4.1.5
+pkgrel=1
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
arch=('i686' 'x86_64')
url='http://pkg-shadow.alioth.debian.org/'
@@ -17,15 +17,25 @@
etc/pam.d/{chfn,chgpasswd,groupmems,chsh}
etc/default/useradd)
options=('!libtool')
-install=shadow.install
-#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2
-# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied
-source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz
- adduser chgpasswd chpasswd defaults.pam login login.defs newusers
- passwd shadow.cron.daily useradd.defaults LICENSE
- xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch
+install='shadow.install'
+source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig}
+ LICENSE
+ adduser
+ chgpasswd
+ chpasswd
+ defaults.pam
+ login
+ login.defs
+ newusers
+ passwd
+ shadow.cron.daily
+ useradd.defaults
+ xstrdup.patch
+ shadow-strncpy-usage.patch
shadow-add-missing-include.patch)
-sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e'
+sha1sums=('3ab1ae0e30af36d04445314fcb5a079bdf05de41'
+ '0a31aafceb948a91fe7370a6378cafd6fd883145'
+ '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
'78ec184a499f9708adcfcf0b7a3b22a60bf39f91'
'4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
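Review bot: The new `source` entry fetches both the tarball and its `.sig` over plain HTTP from the same host, and the integrity array is still `sha1sums`, so the signature only adds assurance if the builder's keyring already holds the genuine upstream key. Nothing visible in this hunk pins which key is expected; where the makepkg version in use supports it, a `validpgpkeys=('<UPSTREAM-KEY-FINGERPRINT>')` line (placeholder, to be filled in from a trusted channel) would make that explicit. Moving to `sha256sums` would also avoid relying on SHA-1 for a package that handles authentication.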
@@ -36,42 +46,40 @@
'611be25d91c3f8f307c7fe2485d5f781e5dee75f'
'5d83ba7e11c765c951867cbe00b0ae7ff57148fa'
'9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
- '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
'6010fffeed1fc6673ad9875492e1193b1a847b53'
- '6bfe6528391eb38d338beacedd620407877b637d'
- '9db9e62ad173f31e1039121c0124cf60826ffd7e'
+ '21e12966a6befb25ec123b403cd9b5c492fe5b16'
'0697a21f7519de30821da7772677035652df4ad2')
build() {
- cd "$srcdir/$pkgname-4.1.4.2+svn3283"
+ cd "$pkgname-$pkgver"
- # fix linking issues with binutils 2.22
+ # avoid transitive linking issues with binutils 2.22
sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
- # Ugh, force this to build shared libraries, for god's sake
- sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am
- libtoolize
- autoreconf
- export LDFLAGS="$LDFLAGS -lcrypt"
+ # link to glibc's crypt(3)
+ LDFLAGS+=" -lcrypt"
- patch -p1 -i "$srcdir/xstrdup.patch"
- patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch"
- patch -p1 -i "$srcdir/shadow-strncpy-usage.patch"
- patch -p1 -i "$srcdir/shadow-add-missing-include.patch"
+ patch -Np1 <"$srcdir/xstrdup.patch"
+ patch -Np1 <"$srcdir/shadow-strncpy-usage.patch"
+ patch -Np1 <"$srcdir/shadow-add-missing-include.patch"
# supress etc/pam.d/*, we provide our own
sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
./configure \
- --prefix=/usr --libdir=/lib \
- --mandir=/usr/share/man --sysconfdir=/etc \
- --enable-shared --disable-static \
- --with-libpam --without-selinux
+ --prefix=/usr \
+ --libdir=/lib \
+ --mandir=/usr/share/man \
+ --sysconfdir=/etc \
+ --with-libpam \
+ --without-selinux
+
make
}
package() {
- cd "$srcdir/$pkgname-4.1.4.2+svn3283"
+ cd "$pkgname-$pkgver"
+
make DESTDIR="$pkgdir" install
# license
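Review bot: The `patch` call for `shadow_CVE-2011-0721.patch` is dropped from build(), and the old comment relating that patch to 4.1.4.3 was removed from the source array, so the PKGBUILD no longer records why the fix is not applied. The deleted patch's own header says it was already applied upstream in 4.1.4.3, so 4.1.5 presumably carries it. A comment such as `# CVE-2011-0721 (newline check in chfn/chsh) is included upstream since 4.1.4.3` next to the remaining `patch` calls would keep that traceable. package() continues outside this hunk.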
@@ -90,11 +98,9 @@
install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
# PAM config - custom
- install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login"
- install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd"
- install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd"
- install -Dm644 "$srcdir/chpasswd" "$pkgdir/etc/pam.d/chpasswd"
- install -Dm644 "$srcdir/newusers" "$pkgdir/etc/pam.d/newusers"
+ install -dm644 "$pkgdir/etc/pam.d"
+ install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{login,passwd,chgpasswd,chpasswd,newusers}
+
# PAM config - from tarball
install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems"
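Review bot: `install -dm644 "$pkgdir/etc/pam.d"` creates the directory without any execute (search) bit, so unprivileged processes cannot traverse `/etc/pam.d` to read the PAM configuration installed below it. The later `install -Dm644` for groupmems will not correct the mode, because the directory already exists by then. A directory needs the search bit, so the line should be `install -dm755 "$pkgdir/etc/pam.d"`. package() begins and ends outside this hunk.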
Modified: shadow-strncpy-usage.patch
===================================================================
--- shadow-strncpy-usage.patch 2012-02-13 21:03:16 UTC (rev 150162)
+++ shadow-strncpy-usage.patch 2012-02-13 21:55:51 UTC (rev 150163)
@@ -1,27 +1,25 @@
-diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c
---- shadow-4.1.4.3.orig/src/login.c 2011-03-05 22:17:10.032524948 -0800
-+++ shadow-4.1.4.3/src/login.c 2011-03-05 22:17:59.154342059 -0800
-@@ -748,8 +748,9 @@
- sizeof (loginprompt),
+diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
+--- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500
++++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
+@@ -182,7 +182,7 @@
+ struct tm *tp;
+
+ if (date < 0) {
+- strncpy (buf, "never", maxsize);
++ strncpy (buf, "never", maxsize - 1);
+ } else {
+ time_t t = (time_t) date;
+ tp = gmtime (&t);
+diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
+--- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500
++++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500
+@@ -752,7 +752,8 @@
_("%s login: "), hostn);
} else {
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
strncpy (loginprompt, _("login: "),
- sizeof (loginprompt));
+ sizeof (loginprompt) - 1);
++ loginprompt[sizeof (loginprompt) - 1] = '\0';
}
retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
-diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c
---- shadow-4.1.4.3.orig/src/usermod.c 2011-03-05 22:17:10.029191265 -0800
-+++ shadow-4.1.4.3/src/usermod.c 2011-03-05 22:18:42.665576968 -0800
-@@ -182,7 +182,8 @@
- struct tm *tp;
-
- if ((negativ != NULL) && (date < 0)) {
-- strncpy (buf, negativ, maxsize);
-+ buf[maxsize - 1] = '\0';
-+ strncpy (buf, negativ, maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
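Review bot: The refreshed usermod.c hunk changes the copy to `strncpy (buf, "never", maxsize - 1);` but no longer adds the `buf[maxsize - 1] = '\0';` line that the previous version of this patch carried, while the login.c hunk keeps its explicit terminator. With a five-character literal, strncpy zero-pads when `maxsize` is large enough, so this is probably harmless for the current caller. The caller's buffer size is not visible here, though, and a small `maxsize` would leave `buf` unterminated. Restoring `buf[maxsize - 1] = '\0';` after the copy would keep both hunks consistent. The enclosing function starts and ends outside the hunk.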
Deleted: shadow_CVE-2011-0721.patch
===================================================================
--- shadow_CVE-2011-0721.patch 2012-02-13 21:03:16 UTC (rev 150162)
+++ shadow_CVE-2011-0721.patch 2012-02-13 21:55:51 UTC (rev 150163)
@@ -1,57 +0,0 @@
-Goal: Input sanitization for chfn and chsh
-
-Fixes: CVE-2011-0721
-
-Status wrt upstream: Already applied upstream (4.1.4.3)
-
---- a/src/chfn.c
-+++ b/src/chfn.c
-@@ -551,14 +551,14 @@
- static void check_fields (void)
- {
- int err;
-- err = valid_field (fullnm, ":,=");
-+ err = valid_field (fullnm, ":,=\n");
- if (err > 0) {
- fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
- } else if (err < 0) {
- fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
- fail_exit (E_NOPERM);
- }
-- err = valid_field (roomno, ":,=");
-+ err = valid_field (roomno, ":,=\n");
- if (err > 0) {
- fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
- } else if (err < 0) {
-@@ -566,17 +566,17 @@
- Prog, roomno);
- fail_exit (E_NOPERM);
- }
-- if (valid_field (workph, ":,=") != 0) {
-+ if (valid_field (workph, ":,=\n") != 0) {
- fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
- Prog, workph);
- fail_exit (E_NOPERM);
- }
-- if (valid_field (homeph, ":,=") != 0) {
-+ if (valid_field (homeph, ":,=\n") != 0) {
- fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
- Prog, homeph);
- fail_exit (E_NOPERM);
- }
-- err = valid_field (slop, ":");
-+ err = valid_field (slop, ":\n");
- if (err > 0) {
- fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
- } else if (err < 0) {
---- a/src/chsh.
-+++ b/src/chsh.c
-@@ -528,7 +528,7 @@
- * users are restricted to using the shells in /etc/shells.
- * The shell must be executable by the user.
- */
-- if (valid_field (loginsh, ":,=") != 0) {
-+ if (valid_field (loginsh, ":,=\n") != 0) {
- fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
- fail_exit (1);
- }