[arch-commits] Commit in shadow/trunk (3 files)

Dave Reisner dreisner at archlinux.org
Mon Feb 13 16:55:51 EST 2012


    Date: Monday, February 13, 2012 @ 16:55:51
  Author: dreisner
Revision: 150163

upgpkg: shadow 4.1.5-1

- remove CVE patch
- refactor remaining patches
- add source gpg .sig
- build static libmisc (avoids build breakage)
- assorted PKGBUILD cleanup

Modified:
  shadow/trunk/PKGBUILD
  shadow/trunk/shadow-strncpy-usage.patch
Deleted:
  shadow/trunk/shadow_CVE-2011-0721.patch

----------------------------+
 PKGBUILD                   |   74 +++++++++++++++++++++++--------------------
 shadow-strncpy-usage.patch |   36 +++++++++-----------
 shadow_CVE-2011-0721.patch |   57 ---------------------------------
 3 files changed, 57 insertions(+), 110 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2012-02-13 21:03:16 UTC (rev 150162)
+++ PKGBUILD	2012-02-13 21:55:51 UTC (rev 150163)
@@ -3,8 +3,8 @@
 # Maintainer: Aaron Griffin <aaron at archlinux.org>
 
 pkgname=shadow
-pkgver=4.1.4.3
-pkgrel=5
+pkgver=4.1.5
+pkgrel=1
 pkgdesc="Password and account management tool suite with support for shadow files and PAM"
 arch=('i686' 'x86_64')
 url='http://pkg-shadow.alioth.debian.org/'
@@ -17,15 +17,25 @@
         etc/pam.d/{chfn,chgpasswd,groupmems,chsh}
         etc/default/useradd)
 options=('!libtool')
-install=shadow.install
-#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2
-# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied
-source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz
-        adduser chgpasswd chpasswd defaults.pam login login.defs newusers
-        passwd shadow.cron.daily useradd.defaults LICENSE
-        xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch
+install='shadow.install'
+source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig}
+        LICENSE
+        adduser
+        chgpasswd
+        chpasswd
+        defaults.pam
+        login
+        login.defs
+        newusers
+        passwd
+        shadow.cron.daily
+        useradd.defaults
+        xstrdup.patch
+        shadow-strncpy-usage.patch
         shadow-add-missing-include.patch)
-sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e'
+sha1sums=('3ab1ae0e30af36d04445314fcb5a079bdf05de41'
+          '0a31aafceb948a91fe7370a6378cafd6fd883145'
+          '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
           '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'
           '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
           '12427b1ca92a9b85ca8202239f0d9f50198b818f'
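Review bot: The new `source=` entry fetches the tarball and its `.sig` over plain `http://` and pins them only with `sha1sums`, so release integrity rests on SHA-1 and on a signature whose signing key is not named anywhere in the visible lines. SHA-1 is no longer collision-resistant, so a stronger array such as `sha256sums=(...)` would be the safer pin. On makepkg versions that support it, adding `validpgpkeys=('<UPSTREAM_SIGNING_KEY_FINGERPRINT>')` (placeholder; take the fingerprint from upstream) would tie the `.sig` check to one key rather than to whatever the builder's keyring trusts. The `sha1sums` array continues past the end of this hunk.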
@@ -36,42 +46,40 @@
           '611be25d91c3f8f307c7fe2485d5f781e5dee75f'
           '5d83ba7e11c765c951867cbe00b0ae7ff57148fa'
           '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
-          '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
           '6010fffeed1fc6673ad9875492e1193b1a847b53'
-          '6bfe6528391eb38d338beacedd620407877b637d'
-          '9db9e62ad173f31e1039121c0124cf60826ffd7e'
+          '21e12966a6befb25ec123b403cd9b5c492fe5b16'
           '0697a21f7519de30821da7772677035652df4ad2')
 
 build() {
-  cd "$srcdir/$pkgname-4.1.4.2+svn3283"
+  cd "$pkgname-$pkgver"
 
-  # fix linking issues with binutils 2.22
+  # avoid transitive linking issues with binutils 2.22
   sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
 
-  # Ugh, force this to build shared libraries, for god's sake
-  sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am
-  libtoolize
-  autoreconf
-  export LDFLAGS="$LDFLAGS -lcrypt"
+  # link to glibc's crypt(3)
+  LDFLAGS+=" -lcrypt"
 
-  patch -p1 -i "$srcdir/xstrdup.patch"
-  patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch"
-  patch -p1 -i "$srcdir/shadow-strncpy-usage.patch"
-  patch -p1 -i "$srcdir/shadow-add-missing-include.patch"
+  patch -Np1 <"$srcdir/xstrdup.patch"
+  patch -Np1 <"$srcdir/shadow-strncpy-usage.patch"
+  patch -Np1 <"$srcdir/shadow-add-missing-include.patch"
 
   # supress etc/pam.d/*, we provide our own
   sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
 
   ./configure \
-    --prefix=/usr --libdir=/lib \
-    --mandir=/usr/share/man --sysconfdir=/etc \
-    --enable-shared --disable-static \
-    --with-libpam --without-selinux
+    --prefix=/usr \
+    --libdir=/lib \
+    --mandir=/usr/share/man \
+    --sysconfdir=/etc \
+    --with-libpam \
+    --without-selinux
+
   make
 }
 
 package() {
-  cd "$srcdir/$pkgname-4.1.4.2+svn3283"
+  cd "$pkgname-$pkgver"
+
   make DESTDIR="$pkgdir" install
 
   # license
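Review bot: With `autoreconf` removed here, the retained `sed` that appends `-lattr` to `src/Makefile.am` no longer has an explicit regeneration step. Whether the flag reaches the link line then appears to depend on automake's rebuild rules firing during `make`, and on a compatible automake being installed. Editing the generated file, as the `etc/Makefile.in` line further down already does, would make this deterministic: `sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.in`. `package()` continues outside this hunk.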
@@ -90,11 +98,9 @@
   install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
 
   # PAM config - custom
-  install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login"
-  install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd"
-  install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd"
-  install -Dm644 "$srcdir/chpasswd" "$pkgdir/etc/pam.d/chpasswd"
-  install -Dm644 "$srcdir/newusers" "$pkgdir/etc/pam.d/newusers"
+  install -dm644 "$pkgdir/etc/pam.d"
+  install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{login,passwd,chgpasswd,chpasswd,newusers}
+
   # PAM config - from tarball
   install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems"
 
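Review bot: `install -dm644 "$pkgdir/etc/pam.d"` creates the directory with mode 0644, which leaves it without the search (execute) bit. If that mode is applied on install, non-root processes cannot traverse `/etc/pam.d`. The directory should be created with `install -dm755 "$pkgdir/etc/pam.d"`; the `-m644` on the following `install -t` line is right for the files themselves. `package()` starts and ends outside this hunk.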

Modified: shadow-strncpy-usage.patch
===================================================================
--- shadow-strncpy-usage.patch	2012-02-13 21:03:16 UTC (rev 150162)
+++ shadow-strncpy-usage.patch	2012-02-13 21:55:51 UTC (rev 150163)
@@ -1,27 +1,25 @@
-diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c
---- shadow-4.1.4.3.orig/src/login.c	2011-03-05 22:17:10.032524948 -0800
-+++ shadow-4.1.4.3/src/login.c	2011-03-05 22:17:59.154342059 -0800
-@@ -748,8 +748,9 @@
- 			          sizeof (loginprompt),
+diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
+--- shadow-4.1.5/src/usermod.c.orig	2012-02-13 08:19:43.792146449 -0500
++++ shadow-4.1.5/src/usermod.c	2012-02-13 08:21:19.375114500 -0500
+@@ -182,7 +182,7 @@
+ 	struct tm *tp;
+ 
+ 	if (date < 0) {
+-		strncpy (buf, "never", maxsize);
++		strncpy (buf, "never", maxsize - 1);
+ 	} else {
+ 		time_t t = (time_t) date;
+ 		tp = gmtime (&t);
+diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
+--- shadow-4.1.5/src/login.c.orig	2012-02-13 08:19:50.951994454 -0500
++++ shadow-4.1.5/src/login.c	2012-02-13 08:21:04.490430937 -0500
+@@ -752,7 +752,8 @@
  			          _("%s login: "), hostn);
  		} else {
-+		        loginprompt[sizeof (loginprompt) - 1] = '\0';
  			strncpy (loginprompt, _("login: "),
 -			         sizeof (loginprompt));
 +			         sizeof (loginprompt) - 1);
++			loginprompt[sizeof (loginprompt) - 1] = '\0';
  		}
  
  		retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
-diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c
---- shadow-4.1.4.3.orig/src/usermod.c	2011-03-05 22:17:10.029191265 -0800
-+++ shadow-4.1.4.3/src/usermod.c	2011-03-05 22:18:42.665576968 -0800
-@@ -182,7 +182,8 @@
- 	struct tm *tp;
- 
- 	if ((negativ != NULL) && (date < 0)) {
--		strncpy (buf, negativ, maxsize);
-+	        buf[maxsize - 1] = '\0';
-+		strncpy (buf, negativ, maxsize - 1);
- 	} else {
- 		time_t t = (time_t) date;
- 		tp = gmtime (&t);
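Review bot: The refactored `usermod.c` hunk shrinks the `strncpy` bound to `maxsize - 1` but no longer writes the terminator that the previous revision of this patch added, while the `login.c` hunk keeps its `loginprompt[sizeof (loginprompt) - 1] = '\0';`. Unless the function terminates `buf` after the `if`/`else` (that part is outside the hunk), termination relies on `strncpy`'s zero padding, which only helps when `maxsize - 1` exceeds the length of "never". Adding `buf[maxsize - 1] = '\0';` after the `strncpy` line would make both hunks consistent. A `maxsize` of 0 would also make `maxsize - 1` wrap if it is an unsigned type, and the visible lines do not guard against that.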

Deleted: shadow_CVE-2011-0721.patch
===================================================================
--- shadow_CVE-2011-0721.patch	2012-02-13 21:03:16 UTC (rev 150162)
+++ shadow_CVE-2011-0721.patch	2012-02-13 21:55:51 UTC (rev 150163)
@@ -1,57 +0,0 @@
-Goal: Input sanitization for chfn and chsh
-
-Fixes: CVE-2011-0721
-
-Status wrt upstream: Already applied upstream (4.1.4.3)
-
---- a/src/chfn.c
-+++ b/src/chfn.c
-@@ -551,14 +551,14 @@
- static void check_fields (void)
- {
- 	int err;
--	err = valid_field (fullnm, ":,=");
-+	err = valid_field (fullnm, ":,=\n");
- 	if (err > 0) {
- 		fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
- 	} else if (err < 0) {
- 		fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
- 		fail_exit (E_NOPERM);
- 	}
--	err = valid_field (roomno, ":,=");
-+	err = valid_field (roomno, ":,=\n");
- 	if (err > 0) {
- 		fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
- 	} else if (err < 0) {
-@@ -566,17 +566,17 @@
- 		         Prog, roomno);
- 		fail_exit (E_NOPERM);
- 	}
--	if (valid_field (workph, ":,=") != 0) {
-+	if (valid_field (workph, ":,=\n") != 0) {
- 		fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
- 		         Prog, workph);
- 		fail_exit (E_NOPERM);
- 	}
--	if (valid_field (homeph, ":,=") != 0) {
-+	if (valid_field (homeph, ":,=\n") != 0) {
- 		fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
- 		         Prog, homeph);
- 		fail_exit (E_NOPERM);
- 	}
--	err = valid_field (slop, ":");
-+	err = valid_field (slop, ":\n");
- 	if (err > 0) {
- 		fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
- 	} else if (err < 0) {
---- a/src/chsh.
-+++ b/src/chsh.c
-@@ -528,7 +528,7 @@
- 	 * users are restricted to using the shells in /etc/shells.
- 	 * The shell must be executable by the user.
- 	 */
--	if (valid_field (loginsh, ":,=") != 0) {
-+	if (valid_field (loginsh, ":,=\n") != 0) {
- 		fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
- 		fail_exit (1);
- 	}


