Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/
Date: Mon, 30 Apr 2018 16:05:18
Message-Id: 1525104303.ec0a8306f712c40b6b84d721b4ed70d9f4703e8b.polynomial-c@gentoo
1 commit: ec0a8306f712c40b6b84d721b4ed70d9f4703e8b
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Mon Apr 30 16:02:31 2018 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Mon Apr 30 16:05:03 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec0a8306
7
8 sys-apps/shadow: Security bump to version 4.6
9
10 Bug: https://bugs.gentoo.org/647790
11 Bug: https://bugs.gentoo.org/635750
12 Package-Manager: Portage-2.3.31, Repoman-2.3.9
13
14 sys-apps/shadow/Manifest | 1 +
15 sys-apps/shadow/shadow-4.6.ebuild | 211 ++++++++++++++++++++++++++++++++++++++
16 2 files changed, 212 insertions(+)
17
18 diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
19 index bb4347c1765..3aaa9d8978f 100644
20 --- a/sys-apps/shadow/Manifest
21 +++ b/sys-apps/shadow/Manifest
22 @@ -1 +1,2 @@
23 DIST shadow-4.5.tar.gz 3804933 BLAKE2B c4714b7fe9a1af5a5751d4274e70e7fb31994cc40058b44c401bbbdf83c238fcf48e6e6e663d8a61f614b6291ea524862d9d2425d7d839340a10f8fb7c8eaa85 SHA512 02d6482a1159689e404dd49a68b4e2db85e9ffdcdfbacc8efcbd9043f14a1ec3fc4d749700df915d375df67d589219b6b0f57a6cfd9fb5b197012888a608913b
24 +DIST shadow-4.6.tar.gz 3804282 BLAKE2B 268c90e7daba138827aec6039f428f52cdcf7929743fa1f49f801cc669de7456ec5a69531194cdb29f051ce7d0b2f1e966fdf2513a9fc8f7fbdeb29d786a509f SHA512 36358333e7f03ef558772f3361bc5851a7d7fd3d85c993a6b732e37304b8068b2893d55607b9bfe8b8eed616a687264f947ff66cefc74ea1a48ba9396d464714
25
26 diff --git a/sys-apps/shadow/shadow-4.6.ebuild b/sys-apps/shadow/shadow-4.6.ebuild
27 new file mode 100644
28 index 00000000000..1d0cf5b9914
29 --- /dev/null
30 +++ b/sys-apps/shadow/shadow-4.6.ebuild
31 @@ -0,0 +1,211 @@
32 +# Copyright 1999-2018 Gentoo Foundation
33 +# Distributed under the terms of the GNU General Public License v2
34 +
35 +EAPI=6
36 +
37 +inherit libtool pam multilib
38 +
39 +DESCRIPTION="Utilities to deal with user accounts"
40 +HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/"
41 +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
42 +
43 +LICENSE="BSD GPL-2"
44 +SLOT="0"
45 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
46 +IUSE="acl audit +cracklib nls pam selinux skey xattr"
47 +# Taken from the man/Makefile.am file.
48 +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
49 +
50 +RDEPEND="acl? ( sys-apps/acl:0= )
51 + audit? ( >=sys-process/audit-2.6:0= )
52 + cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
53 + pam? ( virtual/pam:0= )
54 + skey? ( sys-auth/skey:0= )
55 + selinux? (
56 + >=sys-libs/libselinux-1.28:0=
57 + sys-libs/libsemanage:0=
58 + )
59 + nls? ( virtual/libintl )
60 + xattr? ( sys-apps/attr:0= )"
61 +DEPEND="${RDEPEND}
62 + app-arch/xz-utils
63 + nls? ( sys-devel/gettext )"
64 +RDEPEND="${RDEPEND}
65 + pam? ( >=sys-auth/pambase-20150213 )"
66 +
67 +PATCHES=(
68 + "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
69 +)
70 +
71 +src_prepare() {
72 + default
73 + #eautoreconf
74 + elibtoolize
75 +}
76 +
77 +src_configure() {
78 + local myeconfargs=(
79 + --without-group-name-max-length
80 + --without-tcb
81 + --enable-shared=no
82 + --enable-static=yes
83 + $(use_with acl)
84 + $(use_with audit)
85 + $(use_with cracklib libcrack)
86 + $(use_with pam libpam)
87 + $(use_with skey)
88 + $(use_with selinux)
89 + $(use_enable nls)
90 + $(use_with elibc_glibc nscd)
91 + $(use_with xattr attr)
92 + )
93 + econf "${myeconfargs[@]}"
94 +
95 + has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
96 +
97 + if use nls ; then
98 + local l langs="po" # These are the pot files.
99 + for l in ${LANGS[*]} ; do
100 + has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
101 + done
102 + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
103 + fi
104 +}
105 +
106 +set_login_opt() {
107 + local comment="" opt=$1 val=$2
108 + if [[ -z ${val} ]]; then
109 + comment="#"
110 + sed -i \
111 + -e "/^${opt}\>/s:^:#:" \
112 + "${ED%/}"/etc/login.defs || die
113 + else
114 + sed -i -r \
115 + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
116 + "${ED%/}"/etc/login.defs
117 + fi
118 + local res=$(grep "^${comment}${opt}\>" "${ED%/}"/etc/login.defs)
119 + einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
120 +}
121 +
122 +src_install() {
123 + emake DESTDIR="${D}" suidperms=4711 install
124 +
125 + # Remove libshadow and libmisc; see bug 37725 and the following
126 + # comment from shadow's README.linux:
127 + # Currently, libshadow.a is for internal use only, so if you see
128 + # -lshadow in a Makefile of some other package, it is safe to
129 + # remove it.
130 + rm -f "${ED%/}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
131 +
132 + insinto /etc
133 + if ! use pam ; then
134 + insopts -m0600
135 + doins etc/login.access etc/limits
136 + fi
137 +
138 + # needed for 'useradd -D'
139 + insinto /etc/default
140 + insopts -m0600
141 + doins "${FILESDIR}"/default/useradd
142 +
143 + # move passwd to / to help recover broke systems #64441
144 + mv "${ED%/}"/usr/bin/passwd "${ED%/}"/bin/ || die
145 + dosym ../../bin/passwd /usr/bin/passwd
146 +
147 + cd "${S}" || die
148 + insinto /etc
149 + insopts -m0644
150 + newins etc/login.defs login.defs
151 +
152 + set_login_opt CREATE_HOME yes
153 + if ! use pam ; then
154 + set_login_opt MAIL_CHECK_ENAB no
155 + set_login_opt SU_WHEEL_ONLY yes
156 + set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
157 + set_login_opt LOGIN_RETRIES 3
158 + set_login_opt ENCRYPT_METHOD SHA512
159 + set_login_opt CONSOLE
160 + else
161 + dopamd "${FILESDIR}"/pam.d-include/shadow
162 +
163 + for x in chpasswd chgpasswd newusers; do
164 + newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
165 + done
166 +
167 + for x in chage chsh chfn \
168 + user{add,del,mod} group{add,del,mod} ; do
169 + newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
170 + done
171 +
172 + # comment out login.defs options that pam hates
173 + local opt sed_args=()
174 + for opt in \
175 + CHFN_AUTH \
176 + CONSOLE \
177 + CRACKLIB_DICTPATH \
178 + ENV_HZ \
179 + ENVIRON_FILE \
180 + FAILLOG_ENAB \
181 + FTMP_FILE \
182 + LASTLOG_ENAB \
183 + MAIL_CHECK_ENAB \
184 + MOTD_FILE \
185 + NOLOGINS_FILE \
186 + OBSCURE_CHECKS_ENAB \
187 + PASS_ALWAYS_WARN \
188 + PASS_CHANGE_TRIES \
189 + PASS_MIN_LEN \
190 + PORTTIME_CHECKS_ENAB \
191 + QUOTAS_ENAB \
192 + SU_WHEEL_ONLY
193 + do
194 + set_login_opt ${opt}
195 + sed_args+=( -e "/^#${opt}\>/b pamnote" )
196 + done
197 + sed -i "${sed_args[@]}" \
198 + -e 'b exit' \
199 + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
200 + -e ': exit' \
201 + "${ED%/}"/etc/login.defs || die
202 +
203 + # remove manpages that pam will install for us
204 + # and/or don't apply when using pam
205 + find "${ED%/}"/usr/share/man \
206 + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
207 + -delete
208 +
209 + # Remove pam.d files provided by pambase.
210 + rm "${ED%/}"/etc/pam.d/{login,passwd,su} || die
211 + fi
212 +
213 + # Remove manpages that are handled by other packages
214 + find "${ED%/}"/usr/share/man \
215 + '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
216 + -delete
217 +
218 + cd "${S}" || die
219 + dodoc ChangeLog NEWS TODO
220 + newdoc README README.download
221 + cd doc || die
222 + dodoc HOWTO README* WISHLIST *.txt
223 +}
224 +
225 +pkg_preinst() {
226 + rm -f "${EROOT}"/etc/pam.d/system-auth.new \
227 + "${EROOT}/etc/login.defs.new"
228 +}
229 +
230 +pkg_postinst() {
231 + # Enable shadow groups.
232 + if [ ! -f "${EROOT}"/etc/gshadow ] ; then
233 + if grpck -r -R "${EROOT}" 2>/dev/null ; then
234 + grpconv -R "${EROOT}"
235 + else
236 + ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
237 + ewarn "run 'grpconv' afterwards!"
238 + fi
239 + fi
240 +
241 + einfo "The 'adduser' symlink to 'useradd' has been dropped."
242 +}