1 |
commit: ec0a8306f712c40b6b84d721b4ed70d9f4703e8b |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Apr 30 16:02:31 2018 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Apr 30 16:05:03 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec0a8306 |
7 |
|
8 |
sys-apps/shadow: Security bump to version 4.6 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/647790 |
11 |
Bug: https://bugs.gentoo.org/635750 |
12 |
Package-Manager: Portage-2.3.31, Repoman-2.3.9 |
13 |
|
14 |
sys-apps/shadow/Manifest | 1 + |
15 |
sys-apps/shadow/shadow-4.6.ebuild | 211 ++++++++++++++++++++++++++++++++++++++ |
16 |
2 files changed, 212 insertions(+) |
17 |
|
18 |
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest |
19 |
index bb4347c1765..3aaa9d8978f 100644 |
20 |
--- a/sys-apps/shadow/Manifest |
21 |
+++ b/sys-apps/shadow/Manifest |
22 |
@@ -1 +1,2 @@ |
23 |
DIST shadow-4.5.tar.gz 3804933 BLAKE2B c4714b7fe9a1af5a5751d4274e70e7fb31994cc40058b44c401bbbdf83c238fcf48e6e6e663d8a61f614b6291ea524862d9d2425d7d839340a10f8fb7c8eaa85 SHA512 02d6482a1159689e404dd49a68b4e2db85e9ffdcdfbacc8efcbd9043f14a1ec3fc4d749700df915d375df67d589219b6b0f57a6cfd9fb5b197012888a608913b |
24 |
+DIST shadow-4.6.tar.gz 3804282 BLAKE2B 268c90e7daba138827aec6039f428f52cdcf7929743fa1f49f801cc669de7456ec5a69531194cdb29f051ce7d0b2f1e966fdf2513a9fc8f7fbdeb29d786a509f SHA512 36358333e7f03ef558772f3361bc5851a7d7fd3d85c993a6b732e37304b8068b2893d55607b9bfe8b8eed616a687264f947ff66cefc74ea1a48ba9396d464714 |
25 |
|
26 |
diff --git a/sys-apps/shadow/shadow-4.6.ebuild b/sys-apps/shadow/shadow-4.6.ebuild |
27 |
new file mode 100644 |
28 |
index 00000000000..1d0cf5b9914 |
29 |
--- /dev/null |
30 |
+++ b/sys-apps/shadow/shadow-4.6.ebuild |
31 |
@@ -0,0 +1,211 @@ |
32 |
+# Copyright 1999-2018 Gentoo Foundation |
33 |
+# Distributed under the terms of the GNU General Public License v2 |
34 |
+ |
35 |
+EAPI=6 |
36 |
+ |
37 |
+inherit libtool pam multilib |
38 |
+ |
39 |
+DESCRIPTION="Utilities to deal with user accounts" |
40 |
+HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/" |
41 |
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz" |
42 |
+ |
43 |
+LICENSE="BSD GPL-2" |
44 |
+SLOT="0" |
45 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
46 |
+IUSE="acl audit +cracklib nls pam selinux skey xattr" |
47 |
+# Taken from the man/Makefile.am file. |
48 |
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) |
49 |
+ |
50 |
+RDEPEND="acl? ( sys-apps/acl:0= ) |
51 |
+ audit? ( >=sys-process/audit-2.6:0= ) |
52 |
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) |
53 |
+ pam? ( virtual/pam:0= ) |
54 |
+ skey? ( sys-auth/skey:0= ) |
55 |
+ selinux? ( |
56 |
+ >=sys-libs/libselinux-1.28:0= |
57 |
+ sys-libs/libsemanage:0= |
58 |
+ ) |
59 |
+ nls? ( virtual/libintl ) |
60 |
+ xattr? ( sys-apps/attr:0= )" |
61 |
+DEPEND="${RDEPEND} |
62 |
+ app-arch/xz-utils |
63 |
+ nls? ( sys-devel/gettext )" |
64 |
+RDEPEND="${RDEPEND} |
65 |
+ pam? ( >=sys-auth/pambase-20150213 )" |
66 |
+ |
67 |
+PATCHES=( |
68 |
+ "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch" |
69 |
+) |
70 |
+ |
71 |
+src_prepare() { |
72 |
+ default |
73 |
+ #eautoreconf |
74 |
+ elibtoolize |
75 |
+} |
76 |
+ |
77 |
+src_configure() { |
78 |
+ local myeconfargs=( |
79 |
+ --without-group-name-max-length |
80 |
+ --without-tcb |
81 |
+ --enable-shared=no |
82 |
+ --enable-static=yes |
83 |
+ $(use_with acl) |
84 |
+ $(use_with audit) |
85 |
+ $(use_with cracklib libcrack) |
86 |
+ $(use_with pam libpam) |
87 |
+ $(use_with skey) |
88 |
+ $(use_with selinux) |
89 |
+ $(use_enable nls) |
90 |
+ $(use_with elibc_glibc nscd) |
91 |
+ $(use_with xattr attr) |
92 |
+ ) |
93 |
+ econf "${myeconfargs[@]}" |
94 |
+ |
95 |
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052 |
96 |
+ |
97 |
+ if use nls ; then |
98 |
+ local l langs="po" # These are the pot files. |
99 |
+ for l in ${LANGS[*]} ; do |
100 |
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}" |
101 |
+ done |
102 |
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die |
103 |
+ fi |
104 |
+} |
105 |
+ |
106 |
+set_login_opt() { |
107 |
+ local comment="" opt=$1 val=$2 |
108 |
+ if [[ -z ${val} ]]; then |
109 |
+ comment="#" |
110 |
+ sed -i \ |
111 |
+ -e "/^${opt}\>/s:^:#:" \ |
112 |
+ "${ED%/}"/etc/login.defs || die |
113 |
+ else |
114 |
+ sed -i -r \ |
115 |
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ |
116 |
+ "${ED%/}"/etc/login.defs |
117 |
+ fi |
118 |
+ local res=$(grep "^${comment}${opt}\>" "${ED%/}"/etc/login.defs) |
119 |
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}" |
120 |
+} |
121 |
+ |
122 |
+src_install() { |
123 |
+ emake DESTDIR="${D}" suidperms=4711 install |
124 |
+ |
125 |
+ # Remove libshadow and libmisc; see bug 37725 and the following |
126 |
+ # comment from shadow's README.linux: |
127 |
+ # Currently, libshadow.a is for internal use only, so if you see |
128 |
+ # -lshadow in a Makefile of some other package, it is safe to |
129 |
+ # remove it. |
130 |
+ rm -f "${ED%/}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} |
131 |
+ |
132 |
+ insinto /etc |
133 |
+ if ! use pam ; then |
134 |
+ insopts -m0600 |
135 |
+ doins etc/login.access etc/limits |
136 |
+ fi |
137 |
+ |
138 |
+ # needed for 'useradd -D' |
139 |
+ insinto /etc/default |
140 |
+ insopts -m0600 |
141 |
+ doins "${FILESDIR}"/default/useradd |
142 |
+ |
143 |
+ # move passwd to / to help recover broke systems #64441 |
144 |
+ mv "${ED%/}"/usr/bin/passwd "${ED%/}"/bin/ || die |
145 |
+ dosym ../../bin/passwd /usr/bin/passwd |
146 |
+ |
147 |
+ cd "${S}" || die |
148 |
+ insinto /etc |
149 |
+ insopts -m0644 |
150 |
+ newins etc/login.defs login.defs |
151 |
+ |
152 |
+ set_login_opt CREATE_HOME yes |
153 |
+ if ! use pam ; then |
154 |
+ set_login_opt MAIL_CHECK_ENAB no |
155 |
+ set_login_opt SU_WHEEL_ONLY yes |
156 |
+ set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict |
157 |
+ set_login_opt LOGIN_RETRIES 3 |
158 |
+ set_login_opt ENCRYPT_METHOD SHA512 |
159 |
+ set_login_opt CONSOLE |
160 |
+ else |
161 |
+ dopamd "${FILESDIR}"/pam.d-include/shadow |
162 |
+ |
163 |
+ for x in chpasswd chgpasswd newusers; do |
164 |
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x} |
165 |
+ done |
166 |
+ |
167 |
+ for x in chage chsh chfn \ |
168 |
+ user{add,del,mod} group{add,del,mod} ; do |
169 |
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x} |
170 |
+ done |
171 |
+ |
172 |
+ # comment out login.defs options that pam hates |
173 |
+ local opt sed_args=() |
174 |
+ for opt in \ |
175 |
+ CHFN_AUTH \ |
176 |
+ CONSOLE \ |
177 |
+ CRACKLIB_DICTPATH \ |
178 |
+ ENV_HZ \ |
179 |
+ ENVIRON_FILE \ |
180 |
+ FAILLOG_ENAB \ |
181 |
+ FTMP_FILE \ |
182 |
+ LASTLOG_ENAB \ |
183 |
+ MAIL_CHECK_ENAB \ |
184 |
+ MOTD_FILE \ |
185 |
+ NOLOGINS_FILE \ |
186 |
+ OBSCURE_CHECKS_ENAB \ |
187 |
+ PASS_ALWAYS_WARN \ |
188 |
+ PASS_CHANGE_TRIES \ |
189 |
+ PASS_MIN_LEN \ |
190 |
+ PORTTIME_CHECKS_ENAB \ |
191 |
+ QUOTAS_ENAB \ |
192 |
+ SU_WHEEL_ONLY |
193 |
+ do |
194 |
+ set_login_opt ${opt} |
195 |
+ sed_args+=( -e "/^#${opt}\>/b pamnote" ) |
196 |
+ done |
197 |
+ sed -i "${sed_args[@]}" \ |
198 |
+ -e 'b exit' \ |
199 |
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ |
200 |
+ -e ': exit' \ |
201 |
+ "${ED%/}"/etc/login.defs || die |
202 |
+ |
203 |
+ # remove manpages that pam will install for us |
204 |
+ # and/or don't apply when using pam |
205 |
+ find "${ED%/}"/usr/share/man \ |
206 |
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ |
207 |
+ -delete |
208 |
+ |
209 |
+ # Remove pam.d files provided by pambase. |
210 |
+ rm "${ED%/}"/etc/pam.d/{login,passwd,su} || die |
211 |
+ fi |
212 |
+ |
213 |
+ # Remove manpages that are handled by other packages |
214 |
+ find "${ED%/}"/usr/share/man \ |
215 |
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ |
216 |
+ -delete |
217 |
+ |
218 |
+ cd "${S}" || die |
219 |
+ dodoc ChangeLog NEWS TODO |
220 |
+ newdoc README README.download |
221 |
+ cd doc || die |
222 |
+ dodoc HOWTO README* WISHLIST *.txt |
223 |
+} |
224 |
+ |
225 |
+pkg_preinst() { |
226 |
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \ |
227 |
+ "${EROOT}/etc/login.defs.new" |
228 |
+} |
229 |
+ |
230 |
+pkg_postinst() { |
231 |
+ # Enable shadow groups. |
232 |
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then |
233 |
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then |
234 |
+ grpconv -R "${EROOT}" |
235 |
+ else |
236 |
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then" |
237 |
+ ewarn "run 'grpconv' afterwards!" |
238 |
+ fi |
239 |
+ fi |
240 |
+ |
241 |
+ einfo "The 'adduser' symlink to 'useradd' has been dropped." |
242 |
+} |