author | Mike Frysinger <vapier@gentoo.org> | 2004-10-08 00:01:35 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2004-10-08 00:01:35 +0000 |
commit | f962da04842ba800fc58ab8af39fbd36f263c675 (patch) | |
tree | eda189de3e7cd96b00eee55cad1fabfbb7d7c7ff /sys-apps/shadow | |
parent | security fun #66355, take 2 (diff) | |
version bump to fix pam/userdel #66687
Diffstat (limited to 'sys-apps/shadow')
-rw-r--r-- | sys-apps/shadow/ChangeLog | 9 | ||||
-rw-r--r-- | sys-apps/shadow/Manifest | 19 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.4.1-r1 | 1 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.4.1-r2 | 1 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.4.1-r4 (renamed from sys-apps/shadow/files/digest-shadow-4.0.4.1) | 0 | ||||
-rw-r--r-- | sys-apps/shadow/files/shadow-4.0.4.1-userdel-missing-brackets.patch | 15 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.4.1-r1.ebuild | 211 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.4.1-r3.ebuild | 4 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.4.1-r4.ebuild (renamed from sys-apps/shadow/shadow-4.0.4.1-r2.ebuild) | 40 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.4.1.ebuild | 205 |
10 files changed, 52 insertions, 453 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog index 0206f9b89d91..a2734415afa1 100644 --- a/sys-apps/shadow/ChangeLog +++ b/sys-apps/shadow/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-apps/shadow # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.68 2004/09/03 21:03:24 pvdabeel Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.69 2004/10/08 00:01:35 vapier Exp $ + +*shadow-4.0.4.1-r4 (07 Oct 2004) + + 07 Oct 2004; Mike Frysinger <vapier@gentoo.org> +shadow-4.0.4.1-r4.ebuild + +files/shadow-4.0.4.1-userdel-missing-brackets.patch: + Add patch to fix exit status while using pam #66687 by Scott Beck/Jason + Rhinelander. 03 Sep 2004; Pieter Van den Abeele <pvdabeel@gentoo.org> shadow-4.0.4.1-r1.ebuild, shadow-4.0.4.1-r2.ebuild: diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index 8668a4f1f499..c10f86712346 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest 
@@ -1,20 +1,17 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 7bc6402a22037a21b6e4b844e19d7333 ChangeLog 13199 +MD5 5b423dcdf2cb80e422412e25319e878c ChangeLog 13453 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 -MD5 7a12eb2fb15aaefb0330c5decfa661f0 shadow-4.0.4.1.ebuild 5786 -MD5 3e75acba3a05ce187132278e7c992495 shadow-4.0.4.1-r1.ebuild 6089 -MD5 94e6fcfced1709b6f450608334092f03 shadow-4.0.4.1-r2.ebuild 5973 -MD5 a47f688cad94778fcc5b3dc628811c64 shadow-4.0.4.1-r3.ebuild 5961 +MD5 049d760ceef1080f7af1ce165ac6cf1e shadow-4.0.4.1-r4.ebuild 5988 +MD5 91635d256aa7c6804336bb55b7263d71 shadow-4.0.4.1-r3.ebuild 5961 +MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r4 67 MD5 e70a5f61d37c3c67a4b860d8a6191dbc files/securetty 230 -MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1 67 +MD5 058f760e522ab65e270293003805fe61 files/shadow-4.0.4.1-userdel-missing-brackets.patch 380 MD5 aaf16ddabef285df169e37254b13561c files/shadow-4.0.4.1-selinux.diff 4296 MD5 201f1321262da41ccd1a0283216ae9a7 files/shadow-4.0.4.1-su-pam_open_session.patch 4886 MD5 bb55107c3a9354ef2d1977547fdb5a83 files/shadow-4.0.4.1-useradd-manpage-update.patch 958 MD5 b8efca60a25e256eebe54c3d0db0760f files/shadow-4.0.4.1-gcc34-xmalloc.patch 361 -MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r1 67 -MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r2 67 MD5 020e030c2d09b206e88cf9051ced6244 files/shadow-4.0.4.1-nonis.patch 1504 MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1-r3 67 MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96 @@ -28,7 +25,7 @@ MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth-1.1 491 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.10 (GNU/Linux) -iD8DBQFBW4NBHTu7gpaalycRAkPPAJ9MQWRqfn92dBfccO073YbRjBzfIgCgnBBb -OqTsc6zJxxMzVKuQwKm6lYc= -=NuRq +iD8DBQFBZdjsHTu7gpaalycRAn1RAJwLS0LOjQDdKZvDpyvw2JFhQUnziwCgvlSn +SQ32w/TcAHFtlMB7sh07/lk= +=d9hx -----END PGP SIGNATURE----- 
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.4.1-r1 b/sys-apps/shadow/files/digest-shadow-4.0.4.1-r1
deleted file mode 100644
index 86c719561f0b..000000000000
--- a/sys-apps/shadow/files/digest-shadow-4.0.4.1-r1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 3a3d17d3d7c630b602baf66ae7434c61 shadow-4.0.4.1.tar.bz2 814234
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.4.1-r2 b/sys-apps/shadow/files/digest-shadow-4.0.4.1-r2
deleted file mode 100644
index 86c719561f0b..000000000000
--- a/sys-apps/shadow/files/digest-shadow-4.0.4.1-r2
+++ /dev/null
@@ -1 +0,0 @@
-MD5 3a3d17d3d7c630b602baf66ae7434c61 shadow-4.0.4.1.tar.bz2 814234
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.4.1 b/sys-apps/shadow/files/digest-shadow-4.0.4.1-r4
index 86c719561f0b..86c719561f0b 100644
--- a/sys-apps/shadow/files/digest-shadow-4.0.4.1
+++ b/sys-apps/shadow/files/digest-shadow-4.0.4.1-r4
diff --git a/sys-apps/shadow/files/shadow-4.0.4.1-userdel-missing-brackets.patch b/sys-apps/shadow/files/shadow-4.0.4.1-userdel-missing-brackets.patch
new file mode 100644
index 000000000000..7e0393354f13
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.4.1-userdel-missing-brackets.patch
@@ -0,0 +1,15 @@
+--- src/userdel.c.orig 2004-10-07 13:42:06.716627000 -0700
++++ src/userdel.c 2004-10-07 14:05:03.547335810 -0700
+@@ -810,9 +810,10 @@
+ pam_end (pamh, retval);
+ }
+
+- if (retval != PAM_SUCCESS)
++ if (retval != PAM_SUCCESS) {
+ fprintf (stderr, _("%s: PAM chauthtok failed\n"), Prog);
+- exit (1);
++ exit (1);
++ }
+
+ if (retval == PAM_SUCCESS)
+ pam_end (pamh, PAM_SUCCESS);
diff --git a/sys-apps/shadow/shadow-4.0.4.1-r1.ebuild b/sys-apps/shadow/shadow-4.0.4.1-r1.ebuild
deleted file mode 100644
index a751d9437243..000000000000
--- a/sys-apps/shadow/shadow-4.0.4.1-r1.ebuild
+++ /dev/null
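Review bot: With the braces added, the `if (retval == PAM_SUCCESS)` test on the trailing context lines of the userdel.c patch can no longer be false when it is reached, since the failure branch now always exits; the patch could simplify it to a plain `pam_end (pamh, PAM_SUCCESS);`. Before the fix the unbraced `exit (1);` ran whenever this point was reached, so anything that checks userdel's exit status saw a failure regardless of the PAM result; a regression check that the PAM build exits 0 on success would guard against the braces being lost again. The enclosing function and the block that ends with `pam_end (pamh, retval);` start outside the hunk, so whether the handle is released on every failure path cannot be confirmed from here.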
@@ -1,211 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1-r1.ebuild,v 1.5 2004/09/03 21:03:24 pvdabeel Exp $ - -inherit eutils libtool gnuconfig 64-bit flag-o-matic - -FORCE_SYSTEMAUTH_UPDATE="no" - -SELINUX_PATCH="shadow-4.0.4.1-selinux.diff" - -HOMEPAGE="http://shadow.pld.org.pl/" -DESCRIPTION="Utilities to deal with user accounts" -SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~x86 ppc ~sparc ~mips alpha arm ~mips ~hppa ~amd64 ~ia64 ~ppc64 s390" -IUSE="pam selinux nls" - -DEPEND=">=sys-libs/cracklib-2.7-r3 - pam? ( >=sys-libs/pam-0.75-r4 ) - nls? ( sys-devel/gettext ) - selinux? ( sys-libs/libselinux )" -RDEPEND=">=sys-libs/cracklib-2.7-r3 - pam? ( >=sys-libs/pam-0.75-r4 ) - selinux? ( sys-libs/libselinux )" - -pkg_preinst() { - rm -f ${ROOT}/etc/pam.d/system-auth.new -} - -src_unpack() { - unpack ${A} - - cd ${S} - - use selinux && epatch ${FILESDIR}/${SELINUX_PATCH} - - # Get su to call pam_open_session(), and also set DISPLAY and XAUTHORITY, - # else the session entries in /etc/pam.d/su never get executed, and - # pam_xauth for one, is then never used. This should close bug #8831. - # - # <azarah@gentoo.org> (19 Oct 2002) - use pam && epatch ${FILESDIR}/${P}-su-pam_open_session.patch - - # If su should not simulate a login shell, use '/bin/sh' as shell to enable - # running of commands as user with /bin/false as shell, closing bug #15015. - # - # <azarah@gentoo.org> (23 Feb 2003) -# This one could be a security hole ... -# cd ${S}; epatch ${FILESDIR}/${P}-nologin-run-sh.patch - - # Patch the useradd manpage to be a bit more clear, closing bug #13203. - # Thanks to Guy <guycad@mindspring.com>. - epatch ${FILESDIR}/${P}-useradd-manpage-update.patch - - # Patch to correct the definition if malloc, so that shadow can compile - # using gcc 3.4. 
see bug #47455 for more information - epatch ${FILESDIR}/${P}-gcc34-xmalloc.patch -} - -src_compile() { - # Allows shadow configure detect mips systems properly - gnuconfig_update - - elibtoolize - - # Fix this library for 64-bit systems that need -fPIC to link the - # libshadow.a into freeradius shared objects. Normally we'd - # just fix it for everybody but don't want to hurt performance for - # other arches. See bug 35736 (06 May 2004 agriffis) - 64-bit && append-flags -fPIC - - local myconf - use pam \ - && myconf="${myconf} --with-libpam --with-libcrack" \ - || myconf="${myconf} --without-libpam" - - ./configure --disable-desrpc \ - --with-libcrypt \ - --with-libcrack \ - --enable-shared=no \ - --enable-static=yes \ - --host=${CHOST} \ - `use_enable nls` \ - ${myconf} || die "bad configure" - - # Parallel make fails sometimes - emake -j1 || die "compile problem" -} - -src_install() { - dodir /etc/default /etc/skel - - make prefix=${D}/usr \ - exec_prefix=${D} \ - mandir=${D}/usr/share/man \ - install || die "install problem" - - # Do not install this login, but rather the one from - # pam-login, as this one have a serious root exploit - # with pam_limits in use. 
- use pam && rm ${D}/bin/login - - mv ${D}/lib ${D}/usr - dosed "s:/lib':/usr/lib':g" /usr/lib/libshadow.la - dosed "s:/lib/:/usr/lib/:g" /usr/lib/libshadow.la - dosed "s:/lib':/usr/lib':g" /usr/lib/libmisc.la - dosed "s:/lib/:/usr/lib/:g" /usr/lib/libmisc.la - dosym newgrp /usr/bin/sg - dosym useradd /usr/sbin/adduser - dosym vipw /usr/sbin/vigr - # Remove dead links - rm -f ${D}/bin/{sg,vipw,vigr} - - insinto /etc - # Using a securetty with devfs device names added - # (compat names kept for non-devfs compatibility) - insopts -m0600 ; doins ${FILESDIR}/securetty - insopts -m0600 ; doins ${S}/etc/login.access - insopts -m0644 ; doins ${S}/etc/limits - - # needed for 'adduser -D' - insinto /etc/default - insopts -m0600 - doins ${FILESDIR}/default/useradd -# From sys-apps/pam-login now -# insopts -m0644 ; doins ${FILESDIR}/login.defs - - if use pam ; then - insinto /etc/pam.d ; insopts -m0644 - for x in ${FILESDIR}/pam.d/* - do - [ -f ${x} ] && doins ${x} - done - cd ${FILESDIR}/pam.d - # Make sure /etc/pam.d/system-auth is the new version .. - mv ${D}/etc/pam.d/system-auth-1.1 ${D}/etc/pam.d/system-auth - newins system-auth-1.1 system-auth.new || die - newins shadow chage - newins shadow chsh - newins shadow chfn - newins shadow useradd - newins shadow groupadd - fi - - cd ${S} - # The manpage install is beyond my comprehension, and - # also broken. Just do it over. - rm -rf ${D}/usr/share/man/* - - rm -f man/id.1 man/getspnam.3 man/passwd.5 - for x in man/*.[0-9] - do - [ -f ${x} ] && doman ${x} - done - - if ! use pam ; then - # Dont install the manpage, since we dont use - # login with shadow - rm -f ${D}/usr/share/man/man1/login.* - # We use pam, so this is not applicable. 
- rm -f ${D}/usr/share/man/man5/suauth.* - fi - - cd ${S}/doc - dodoc ANNOUNCE INSTALL LICENSE README WISHLIST - docinto txt - dodoc HOWTO LSM README.* *.txt - - # Fix sparc serial console - if [ "${ARCH}" = "sparc" ] - then - # ttyS0 and its devfsd counterpart (Sparc serial port "A") - dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty - dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty - fi - - # fix hppa serial console - if [ "${ARCH}" = "hppa" ] - then - # ttyB0 is the PDC software console - dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty - dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty - dosed 's:\(tty1\)$:ttyB0\n\1:' /etc/securetty - fi -} - -pkg_postinst() { - use pam || return 0; - local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)" - local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)" - - if [ "${CHECK1}" != "${CHECK2}" -a "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ] - then - ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth " - ewarn "is being updated automatically. Your old " - ewarn "system-auth will be backed up as:" - ewarn - ewarn " ${ROOT}etc/pam.d/system-auth.bak" - echo - - cp -a ${ROOT}/etc/pam.d/system-auth \ - ${ROOT}/etc/pam.d/system-auth.bak; - mv -f ${ROOT}/etc/pam.d/system-auth.new \ - ${ROOT}/etc/pam.d/system-auth - rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth - else - rm -f ${ROOT}/etc/pam.d/system-auth.new - fi -} diff --git a/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild b/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild index 9aed9631e199..41ef63061f42 100644 --- a/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild +++ b/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild 
@@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild,v 1.4 2004/09/30 03:31:17 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1-r3.ebuild,v 1.5 2004/10/08 00:01:35 vapier Exp $ inherit eutils libtool gnuconfig flag-o-matic @@ -8,8 +8,8 @@ FORCE_SYSTEMAUTH_UPDATE="no" SELINUX_PATCH="shadow-4.0.4.1-selinux.diff" -HOMEPAGE="http://shadow.pld.org.pl/" DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="http://shadow.pld.org.pl/" SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2" LICENSE="BSD" diff --git a/sys-apps/shadow/shadow-4.0.4.1-r2.ebuild b/sys-apps/shadow/shadow-4.0.4.1-r4.ebuild index d9f55a640aab..2f30b9f30948 100644 --- a/sys-apps/shadow/shadow-4.0.4.1-r2.ebuild +++ b/sys-apps/shadow/shadow-4.0.4.1-r4.ebuild @@ -1,20 +1,19 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1-r2.ebuild,v 1.8 2004/09/03 21:03:24 pvdabeel Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1-r4.ebuild,v 1.1 2004/10/08 00:01:35 vapier Exp $ inherit eutils libtool gnuconfig flag-o-matic FORCE_SYSTEMAUTH_UPDATE="no" - SELINUX_PATCH="shadow-4.0.4.1-selinux.diff" -HOMEPAGE="http://shadow.pld.org.pl/" DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="http://shadow.pld.org.pl/" SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2" LICENSE="BSD" SLOT="0" -KEYWORDS="x86 ppc ~sparc mips alpha ~arm ~mips hppa amd64 ia64 ~ppc64 ~s390" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" IUSE="pam selinux nls uclibc" DEPEND=">=sys-libs/cracklib-2.7-r3 
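Review bot: The new `KEYWORDS` line in shadow-4.0.4.1-r4.ebuild marks every architecture as testing (`~x86`, `~ppc`, `~amd64`, …), whereas the -r2 ebuild it is renamed from was stable on x86, ppc, mips, alpha, hppa, amd64 and ia64, and the same commit deletes 4.0.4.1, -r1 and -r2. The `KEYWORDS` line of -r3 is not part of its hunk, so it cannot be confirmed from here that stable users keep an installable revision once the older ones are gone; that is worth checking, since the parent commit is described as a security bump. The `DEPEND` assignment at the end of this hunk continues outside it.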
@@ -31,9 +30,9 @@ pkg_preinst() { src_unpack() { unpack ${A} - cd ${S} + # selinux loving use selinux && epatch ${FILESDIR}/${SELINUX_PATCH} # uclibc support, corrects NIS usage @@ -60,38 +59,37 @@ src_unpack() { # Patch to correct the definition if malloc, so that shadow can compile # using gcc 3.4. see bug #47455 for more information epatch ${FILESDIR}/${P}-gcc34-xmalloc.patch -} -src_compile() { - # Allows shadow configure detect mips systems properly + # userdel has a bug when PAM is enabled that causes it to always exit + # with an exit status of 1 #66687 + epatch ${FILESDIR}/${P}-userdel-missing-brackets.patch + + # Allows shadow configure detect newer systems properly gnuconfig_update elibtoolize +} - local myconf - use pam \ - && myconf="${myconf} --with-libpam --with-libcrack" \ - || myconf="${myconf} --without-libpam" +src_compile() { + append-ldflags -Wl,-z,now - ./configure --disable-desrpc \ + econf \ + --disable-desrpc \ --with-libcrypt \ --with-libcrack \ --enable-shared=no \ --enable-static=yes \ - --host=${CHOST} \ + $(use_with pam libpam) \ $(use_enable nls) \ - ${myconf} || die "bad configure" + || die "bad configure" # Parallel make fails sometimes emake -j1 || die "compile problem" } src_install() { - dodir /etc/default /etc/skel + make DESTDIR=${D} install || die "install problem" - make prefix=${D}/usr \ - exec_prefix=${D} \ - mandir=${D}/usr/share/man \ - install || die "install problem" +# dodir /etc/default /etc/skel # Remove libshadow and libmisc; see bug 37725 and the following # comment from shadow's README.linux: @@ -161,7 +159,7 @@ src_install() { fi cd ${S}/doc - dodoc ANNOUNCE INSTALL LICENSE README WISHLIST + dodoc ANNOUNCE INSTALL README WISHLIST docinto txt dodoc HOWTO LSM README.* *.txt diff --git a/sys-apps/shadow/shadow-4.0.4.1.ebuild b/sys-apps/shadow/shadow-4.0.4.1.ebuild deleted file mode 100644 index 980431478730..000000000000 --- a/sys-apps/shadow/shadow-4.0.4.1.ebuild +++ /dev/null 
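Review bot: `append-ldflags -Wl,-z,now` is added at the top of src_compile() in the `@@ -60,38 +59,37 @@` hunk without a comment saying why; something like `# shadow installs setuid binaries; resolve all symbols at load time` would keep the flag from being dropped in a later cleanup (the rationale is inferred, the commit does not state it). In src_install(), `# dodir /etc/default /etc/skel` is left behind as commented-out code; either delete it or note why the directories no longer need to be pre-created. The install step also changes from `prefix=${D}/usr exec_prefix=${D}` to `make DESTDIR=${D} install`, so it is worth confirming that the binaries still land where the rest of src_install(), which lies outside the hunk, expects them.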
@@ -1,205 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1.ebuild,v 1.15 2004/06/27 20:11:46 agriffis Exp $ - -inherit eutils libtool gnuconfig - -FORCE_SYSTEMAUTH_UPDATE="no" - -SELINUX_PATCH="shadow-4.0.4.1-selinux.diff" - -HOMEPAGE="http://shadow.pld.org.pl/" -DESCRIPTION="Utilities to deal with user accounts" -SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha arm ~mips ~hppa ~amd64 ~ia64 ~ppc64 s390" -IUSE="pam selinux nls" - -DEPEND=">=sys-libs/cracklib-2.7-r3 - pam? ( >=sys-libs/pam-0.75-r4 ) - nls? ( sys-devel/gettext ) - selinux? ( sys-libs/libselinux )" -RDEPEND=">=sys-libs/cracklib-2.7-r3 - pam? ( >=sys-libs/pam-0.75-r4 ) - selinux? ( sys-libs/libselinux )" - -pkg_preinst() { - rm -f ${ROOT}/etc/pam.d/system-auth.new -} - -src_unpack() { - unpack ${A} - - cd ${S} - - use selinux && epatch ${FILESDIR}/${SELINUX_PATCH} - - # Get su to call pam_open_session(), and also set DISPLAY and XAUTHORITY, - # else the session entries in /etc/pam.d/su never get executed, and - # pam_xauth for one, is then never used. This should close bug #8831. - # - # <azarah@gentoo.org> (19 Oct 2002) - use pam && epatch ${FILESDIR}/${P}-su-pam_open_session.patch - - # If su should not simulate a login shell, use '/bin/sh' as shell to enable - # running of commands as user with /bin/false as shell, closing bug #15015. - # - # <azarah@gentoo.org> (23 Feb 2003) -# This one could be a security hole ... -# cd ${S}; epatch ${FILESDIR}/${P}-nologin-run-sh.patch - - # Patch the useradd manpage to be a bit more clear, closing bug #13203. - # Thanks to Guy <guycad@mindspring.com>. - epatch ${FILESDIR}/${P}-useradd-manpage-update.patch - - # Patch to correct the definition if malloc, so that shadow can compile - # using gcc 3.4. 
see bug #47455 for more information - epatch ${FILESDIR}/${P}-gcc34-xmalloc.patch -} - -src_compile() { - # Allows shadow configure detect mips systems properly - gnuconfig_update - - elibtoolize - - local myconf - use pam \ - && myconf="${myconf} --with-libpam --with-libcrack" \ - || myconf="${myconf} --without-libpam" - - ./configure --disable-desrpc \ - --with-libcrypt \ - --with-libcrack \ - --enable-shared=no \ - --enable-static=yes \ - --host=${CHOST} \ - `use_enable nls` \ - ${myconf} || die "bad configure" - - # Parallel make fails sometimes - emake -j1 || die "compile problem" -} - -src_install() { - dodir /etc/default /etc/skel - - make prefix=${D}/usr \ - exec_prefix=${D} \ - mandir=${D}/usr/share/man \ - install || die "install problem" - - # Do not install this login, but rather the one from - # pam-login, as this one have a serious root exploit - # with pam_limits in use. - use pam && rm ${D}/bin/login - - mv ${D}/lib ${D}/usr - dosed "s:/lib':/usr/lib':g" /usr/lib/libshadow.la - dosed "s:/lib/:/usr/lib/:g" /usr/lib/libshadow.la - dosed "s:/lib':/usr/lib':g" /usr/lib/libmisc.la - dosed "s:/lib/:/usr/lib/:g" /usr/lib/libmisc.la - dosym newgrp /usr/bin/sg - dosym useradd /usr/sbin/adduser - dosym vipw /usr/sbin/vigr - # Remove dead links - rm -f ${D}/bin/{sg,vipw,vigr} - - insinto /etc - # Using a securetty with devfs device names added - # (compat names kept for non-devfs compatibility) - insopts -m0600 ; doins ${FILESDIR}/securetty - insopts -m0600 ; doins ${S}/etc/login.access - insopts -m0644 ; doins ${S}/etc/limits - - # needed for 'adduser -D' - insinto /etc/default - insopts -m0600 - doins ${FILESDIR}/default/useradd -# From sys-apps/pam-login now -# insopts -m0644 ; doins ${FILESDIR}/login.defs - - if use pam ; then - insinto /etc/pam.d ; insopts -m0644 - for x in ${FILESDIR}/pam.d/* - do - [ -f ${x} ] && doins ${x} - done - cd ${FILESDIR}/pam.d - # Make sure /etc/pam.d/system-auth is the new version .. 
- mv ${D}/etc/pam.d/system-auth-1.1 ${D}/etc/pam.d/system-auth - newins system-auth-1.1 system-auth.new || die - newins shadow chage - newins shadow chsh - newins shadow chfn - newins shadow useradd - newins shadow groupadd - fi - - cd ${S} - # The manpage install is beyond my comprehension, and - # also broken. Just do it over. - rm -rf ${D}/usr/share/man/* - - rm -f man/id.1 man/getspnam.3 man/passwd.5 - for x in man/*.[0-9] - do - [ -f ${x} ] && doman ${x} - done - - if ! use pam ; then - # Dont install the manpage, since we dont use - # login with shadow - rm -f ${D}/usr/share/man/man1/login.* - # We use pam, so this is not applicable. - rm -f ${D}/usr/share/man/man5/suauth.* - fi - - cd ${S}/doc - dodoc ANNOUNCE INSTALL LICENSE README WISHLIST - docinto txt - dodoc HOWTO LSM README.* *.txt - - # Fix sparc serial console - if [ "${ARCH}" = "sparc" ] - then - # ttyS0 and its devfsd counterpart (Sparc serial port "A") - dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty - dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty - fi - - # fix hppa serial console - if [ "${ARCH}" = "hppa" ] - then - # ttyB0 is the PDC software console - dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty - dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty - dosed 's:\(tty1\)$:ttyB0\n\1:' /etc/securetty - fi -} - -pkg_postinst() { - use pam || return 0; - local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)" - local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)" - - if [ "${CHECK1}" != "${CHECK2}" -a "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ] - then - ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth " - ewarn "is being updated automatically. 
Your old " - ewarn "system-auth will be backed up as:" - ewarn - ewarn " ${ROOT}etc/pam.d/system-auth.bak" - echo - - cp -a ${ROOT}/etc/pam.d/system-auth \ - ${ROOT}/etc/pam.d/system-auth.bak; - mv -f ${ROOT}/etc/pam.d/system-auth.new \ - ${ROOT}/etc/pam.d/system-auth - rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth - else - rm -f ${ROOT}/etc/pam.d/system-auth.new - fi -} |