From 68ee6e45ad651b8b053c55dbfa1f5810121f050f Mon Sep 17 00:00:00 2001 From: Christian Perrier Date: Sat, 15 Mar 2014 17:31:14 +0100 Subject: Unfuzz all patches --- debian/patches/008_login_log_failure_in_FTMP | 16 ++++++++----- debian/patches/401_cppw_src.dpatch | 24 ++++++++++++------- debian/patches/402_cppw_selinux | 6 +++-- debian/patches/429_login_FAILLOG_ENAB | 28 ++++++++++++---------- debian/patches/463_login_delay_obeys_to_PAM | 28 ++++++++++++---------- debian/patches/501_commonio_group_shadow | 6 +++-- debian/patches/503_shadowconfig.8 | 20 ++++++++++++---- debian/patches/505_useradd_recommend_adduser | 16 ++++++++----- debian/patches/506_relaxed_usernames | 22 ++++++++++------- debian/patches/508_nologin_in_usr_sbin | 8 ++++--- debian/patches/523_su_arguments_are_concatenated | 8 ++++--- ...u_arguments_are_no_more_concatenated_by_default | 10 ++++---- debian/patches/542_useradd-O_option | 18 ++++++++------ 13 files changed, 131 insertions(+), 79 deletions(-) mode change 100755 => 100644 debian/patches/401_cppw_src.dpatch mode change 100755 => 100644 debian/patches/506_relaxed_usernames diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP index b2851cca..1f9ba228 100644 --- a/debian/patches/008_login_log_failure_in_FTMP +++ b/debian/patches/008_login_log_failure_in_FTMP @@ -4,9 +4,11 @@ Notes: * I'm not sure login should add an entry in the FTMP file when PAM is used. (but nothing in /etc/login.defs indicates that the failure is not logged) ---- a/src/login.c -+++ b/src/login.c -@@ -835,6 +835,24 @@ +Index: git/src/login.c +=================================================================== +--- git.orig/src/login.c ++++ git/src/login.c +@@ -831,6 +831,24 @@ (void) puts (""); (void) puts (_("Login incorrect")); @@ -31,8 +33,10 @@ Notes: if (failcount >= retries) { SYSLOG ((LOG_NOTICE, "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", ---- a/lib/getdef.c -+++ b/lib/getdef.c +Index: git/lib/getdef.c +=================================================================== +--- git.orig/lib/getdef.c ++++ git/lib/getdef.c @@ -62,6 +62,7 @@ {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, @@ -41,7 +45,7 @@ Notes: {"GID_MAX", NULL}, {"GID_MIN", NULL}, {"HUSHLOGIN_FILE", NULL}, -@@ -103,7 +104,6 @@ +@@ -109,7 +110,6 @@ {"ENVIRON_FILE", NULL}, {"ENV_TZ", NULL}, {"FAILLOG_ENAB", NULL}, diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/401_cppw_src.dpatch old mode 100755 new mode 100644 index 687f9e92..6cae1bcc --- a/debian/patches/401_cppw_src.dpatch +++ b/debian/patches/401_cppw_src.dpatch @@ -5,8 +5,10 @@ ## DP: Add cppw / cpgr @DPATCH@ +Index: git/src/cppw.c +=================================================================== --- /dev/null -+++ b/src/cppw.c ++++ git/src/cppw.c @@ -0,0 +1,238 @@ +/* + cppw, cpgr copy with locking given file over the password or group file @@ -246,17 +248,19 @@ + return 0; +} + ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -26,6 +26,7 @@ - sbin_PROGRAMS = nologin - ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd +Index: git/src/Makefile.am +=================================================================== +--- git.orig/src/Makefile.am ++++ git/src/Makefile.am +@@ -29,6 +29,7 @@ + ubin_PROGRAMS += newgidmap newuidmap + endif usbin_PROGRAMS = \ + cppw \ chgpasswd \ chpasswd \ groupadd \ -@@ -82,6 +83,7 @@ +@@ -87,6 +88,7 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) @@ -264,8 +268,10 @@ gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) ---- a/po/POTFILES.in -+++ b/po/POTFILES.in +Index: git/po/POTFILES.in +=================================================================== +--- git.orig/po/POTFILES.in ++++ git/po/POTFILES.in @@ -85,6 +85,7 @@ src/chgpasswd.c src/chpasswd.c diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux index b92767fe..5f2da1ba 100644 --- a/debian/patches/402_cppw_selinux +++ b/debian/patches/402_cppw_selinux @@ -9,8 +9,10 @@ Status wrt upstream: cppw is not available upstream. Depends on 401_cppw_src.dpatch ---- a/src/cppw.c -+++ b/src/cppw.c +Index: git/src/cppw.c +=================================================================== +--- git.orig/src/cppw.c ++++ git/src/cppw.c @@ -34,6 +34,9 @@ #include #include diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB index 57a6d150..0d0cbb13 100644 --- a/debian/patches/429_login_FAILLOG_ENAB +++ b/debian/patches/429_login_FAILLOG_ENAB @@ -7,11 +7,13 @@ Fixes: #192849 Note: It could be removed if pam_tally could report the number of failures preceding a successful login. ---- a/src/login.c -+++ b/src/login.c -@@ -133,9 +133,9 @@ +Index: git/src/login.c +=================================================================== +--- git.orig/src/login.c ++++ git/src/login.c +@@ -131,9 +131,9 @@ + const char *host, /*@null@*/const struct utmp *utent); - #endif /* ! USE_PAM */ -#ifndef USE_PAM static struct faillog faillog; @@ -20,7 +22,7 @@ Note: It could be removed if pam_tally could report the number of failures static void bad_time_notify (void); static void check_nologin (bool login_to_root); #else -@@ -795,6 +795,9 @@ +@@ -791,6 +791,9 @@ SYSLOG ((LOG_NOTICE, "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", failcount, fromhost, failent_user)); @@ -30,7 +32,7 @@ Note: It could be removed if pam_tally could report the number of failures fprintf (stderr, _("Maximum number of tries exceeded (%u)\n"), failcount); -@@ -812,6 +815,14 @@ +@@ -808,6 +811,14 @@ pam_strerror (pamh, retcode))); failed = true; } @@ -45,7 +47,7 @@ Note: It could be removed if pam_tally could report the number of failures if (!failed) { break; -@@ -835,6 +846,10 @@ +@@ -831,6 +842,10 @@ (void) puts (""); (void) puts (_("Login incorrect")); @@ -56,7 +58,7 @@ Note: It could be removed if pam_tally could report the number of failures if (getdef_str("FTMP_FILE") != NULL) { #ifdef USE_UTMPX struct utmpx *failent = -@@ -1291,6 +1306,7 @@ +@@ -1285,6 +1300,7 @@ */ #ifndef USE_PAM motd (); /* print the message of the day */ @@ -64,7 +66,7 @@ Note: It could be removed if pam_tally could report the number of failures if ( getdef_bool ("FAILLOG_ENAB") && (0 != faillog.fail_cnt)) { failprint (&faillog); -@@ -1303,6 +1319,7 @@ +@@ -1297,6 +1313,7 @@ username, (int) faillog.fail_cnt)); } } @@ -72,8 +74,10 @@ Note: It could be removed if pam_tally could report the number of failures if ( getdef_bool ("LASTLOG_ENAB") && (ll.ll_time != 0)) { time_t ll_time = ll.ll_time; ---- a/lib/getdef.c -+++ b/lib/getdef.c +Index: git/lib/getdef.c +=================================================================== +--- git.orig/lib/getdef.c ++++ git/lib/getdef.c @@ -61,6 +61,7 @@ {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, @@ -82,7 +86,7 @@ Note: It could be removed if pam_tally could report the number of failures {"FAKE_SHELL", NULL}, {"FTMP_FILE", NULL}, {"GID_MAX", NULL}, -@@ -103,7 +104,6 @@ +@@ -109,7 +110,6 @@ {"ENV_HZ", NULL}, {"ENVIRON_FILE", NULL}, {"ENV_TZ", NULL}, diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/463_login_delay_obeys_to_PAM index 26285ea1..67c36cc0 100644 --- a/debian/patches/463_login_delay_obeys_to_PAM +++ b/debian/patches/463_login_delay_obeys_to_PAM @@ -7,9 +7,11 @@ Status wrt upstream: Forwarded but not applied yet Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs ---- a/src/login.c -+++ b/src/login.c -@@ -529,7 +529,6 @@ +Index: git/src/login.c +=================================================================== +--- git.orig/src/login.c ++++ git/src/login.c +@@ -525,7 +525,6 @@ #if defined(HAVE_STRFTIME) && !defined(USE_PAM) char ptime[80]; #endif @@ -17,7 +19,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs unsigned int retries; bool subroot = false; #ifndef USE_PAM -@@ -549,6 +548,7 @@ +@@ -545,6 +544,7 @@ pid_t child; char *pam_user = NULL; #else @@ -25,7 +27,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs struct spwd *spwd = NULL; #endif /* -@@ -709,7 +709,6 @@ +@@ -705,7 +705,6 @@ } environ = newenvp; /* make new environment active */ @@ -33,7 +35,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs retries = getdef_unum ("LOGIN_RETRIES", RETRIES); #ifdef USE_PAM -@@ -725,8 +724,7 @@ +@@ -721,8 +720,7 @@ /* * hostname & tty are either set to NULL or their correct values, @@ -43,7 +45,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs * * PAM_RHOST and PAM_TTY are used for authentication, only use * information coming from login or from the caller (e.g. no utmp) -@@ -735,10 +733,6 @@ +@@ -731,10 +729,6 @@ PAM_FAIL_CHECK; retcode = pam_set_item (pamh, PAM_TTY, tty); PAM_FAIL_CHECK; @@ -54,7 +56,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs /* if fflg, then the user has already been authenticated */ if (!fflg) { unsigned int failcount = 0; -@@ -779,12 +773,6 @@ +@@ -775,12 +769,6 @@ bool failed = false; failcount++; @@ -67,7 +69,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs retcode = pam_authenticate (pamh, 0); -@@ -1107,14 +1095,17 @@ +@@ -1103,14 +1091,17 @@ free (username); username = NULL; @@ -85,8 +87,10 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs (void) puts (_("Login incorrect")); ---- a/lib/getdef.c -+++ b/lib/getdef.c +Index: git/lib/getdef.c +=================================================================== +--- git.orig/lib/getdef.c ++++ git/lib/getdef.c @@ -60,7 +60,6 @@ {"ENV_PATH", NULL}, {"ENV_SUPATH", NULL}, @@ -95,7 +99,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs {"FAILLOG_ENAB", NULL}, {"FAKE_SHELL", NULL}, {"FTMP_FILE", NULL}, -@@ -104,6 +103,7 @@ +@@ -110,6 +109,7 @@ {"ENV_HZ", NULL}, {"ENVIRON_FILE", NULL}, {"ENV_TZ", NULL}, diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow index 436d48f8..d8bc29b4 100644 --- a/debian/patches/501_commonio_group_shadow +++ b/debian/patches/501_commonio_group_shadow @@ -2,8 +2,10 @@ Goal: save the [g]shadow files with the 'shadow' group and mode 0440 Fixes: #166793 ---- a/lib/commonio.c -+++ b/lib/commonio.c +Index: git/lib/commonio.c +=================================================================== +--- git.orig/lib/commonio.c ++++ git/lib/commonio.c @@ -44,6 +44,7 @@ #include #include diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/503_shadowconfig.8 index 9d78adf4..0f0d3395 100644 --- a/debian/patches/503_shadowconfig.8 +++ b/debian/patches/503_shadowconfig.8 @@ -3,8 +3,10 @@ Goal: Document the shadowconfig utility Status wrt upstream: The shadowconfig utility is debian specific. Its man page also (but it used to be distributed) +Index: git/man/shadowconfig.8 +=================================================================== --- /dev/null -+++ b/man/shadowconfig.8 ++++ git/man/shadowconfig.8 @@ -0,0 +1,41 @@ +.\"Generated by db2man.xsl. Don't modify this, modify the source. +.de Sh \" Subsection @@ -47,8 +49,10 @@ Status wrt upstream: The shadowconfig utility is debian specific. +.PP +Note that turning shadow passwords off and on again will lose all password aging information\&. + +Index: git/man/shadowconfig.8.xml +=================================================================== --- /dev/null -+++ b/man/shadowconfig.8.xml ++++ git/man/shadowconfig.8.xml @@ -0,0 +1,52 @@ + + + + +Index: git/man/fr/shadowconfig.8 +=================================================================== --- /dev/null -+++ b/man/fr/shadowconfig.8 ++++ git/man/fr/shadowconfig.8 @@ -0,0 +1,26 @@ +.\" This file was generated with po4a. Translate the source file. +.\" @@ -131,8 +137,10 @@ Status wrt upstream: The shadowconfig utility is debian specific. +.SH TRADUCTION +Nicolas FRANÇOIS, 2004. +Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. +Index: git/man/ja/shadowconfig.8 +=================================================================== --- /dev/null -+++ b/man/ja/shadowconfig.8 ++++ git/man/ja/shadowconfig.8 @@ -0,0 +1,25 @@ +.\" all right reserved, +.\" Translated Tue Oct 30 11:59:11 JST 2001 @@ -159,8 +167,10 @@ Status wrt upstream: The shadowconfig utility is debian specific. + +.I /usr/share/doc/passwd/README.debian.gz +には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 +Index: git/man/pl/shadowconfig.8 +=================================================================== --- /dev/null -+++ b/man/pl/shadowconfig.8 ++++ git/man/pl/shadowconfig.8 @@ -0,0 +1,27 @@ +.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ +.\" {PTM/WK/1999-09-14} diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/505_useradd_recommend_adduser index c5c35874..6861b22c 100644 --- a/debian/patches/505_useradd_recommend_adduser +++ b/debian/patches/505_useradd_recommend_adduser @@ -4,9 +4,11 @@ Fixes: #406046 Status wrt upstream: Debian specific patch. ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -84,6 +84,12 @@ +Index: git/man/useradd.8.xml +=================================================================== +--- git.orig/man/useradd.8.xml ++++ git/man/useradd.8.xml +@@ -105,6 +105,12 @@ DESCRIPTION @@ -19,9 +21,11 @@ Status wrt upstream: Debian specific patch. When invoked without the option, the useradd command creates a new user account using the values specified on the command line plus the default values from ---- a/man/userdel.8.xml -+++ b/man/userdel.8.xml -@@ -64,6 +64,12 @@ +Index: git/man/userdel.8.xml +=================================================================== +--- git.orig/man/userdel.8.xml ++++ git/man/userdel.8.xml +@@ -83,6 +83,12 @@ DESCRIPTION diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames old mode 100755 new mode 100644 index bdf39615..495d3638 --- a/debian/patches/506_relaxed_usernames +++ b/debian/patches/506_relaxed_usernames @@ -15,8 +15,10 @@ Details: than '-' as the leading character). Thus, the maintenance tools don't anymore. closes: #79682, #166798, #171179 ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c +Index: git/libmisc/chkname.c +=================================================================== +--- git.orig/libmisc/chkname.c ++++ git/libmisc/chkname.c @@ -48,6 +48,7 @@ static bool is_valid_name (const char *name) @@ -52,9 +54,11 @@ Details: return true; } ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -635,12 +635,20 @@ +Index: git/man/useradd.8.xml +=================================================================== +--- git.orig/man/useradd.8.xml ++++ git/man/useradd.8.xml +@@ -633,12 +633,20 @@ @@ -76,9 +80,11 @@ Details: Usernames may only be up to 32 characters long. ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -240,12 +240,18 @@ +Index: git/man/groupadd.8.xml +=================================================================== +--- git.orig/man/groupadd.8.xml ++++ git/man/groupadd.8.xml +@@ -256,12 +256,18 @@ CAVEATS diff --git a/debian/patches/508_nologin_in_usr_sbin b/debian/patches/508_nologin_in_usr_sbin index 3939e0bd..01154e74 100644 --- a/debian/patches/508_nologin_in_usr_sbin +++ b/debian/patches/508_nologin_in_usr_sbin @@ -1,5 +1,7 @@ ---- a/src/Makefile.am -+++ b/src/Makefile.am +Index: git/src/Makefile.am +=================================================================== +--- git.orig/src/Makefile.am ++++ git/src/Makefile.am @@ -23,7 +23,6 @@ # $prefix/bin and $prefix/sbin, no install-data hacks...) @@ -8,7 +10,7 @@ ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd if ENABLE_SUBIDS ubin_PROGRAMS += newgidmap newuidmap -@@ -38,6 +37,7 @@ +@@ -41,6 +40,7 @@ grpunconv \ logoutd \ newusers \ diff --git a/debian/patches/523_su_arguments_are_concatenated b/debian/patches/523_su_arguments_are_concatenated index 0abc4c5f..6d994e23 100644 --- a/debian/patches/523_su_arguments_are_concatenated +++ b/debian/patches/523_su_arguments_are_concatenated @@ -8,9 +8,11 @@ Status wrt upstream: This is a Debian specific patch. Note: the fix of the man page is still missing. (to be taken from the trunk) ---- a/src/su.c -+++ b/src/su.c -@@ -1150,6 +1150,35 @@ +Index: git/src/su.c +=================================================================== +--- git.orig/src/su.c ++++ git/src/su.c +@@ -1152,6 +1152,35 @@ argv[0] = "-c"; argv[1] = command; } diff --git a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default index d4213451..e148d8d9 100644 --- a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default +++ b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default @@ -8,8 +8,10 @@ Etch. Status wrt upstream: This patch is Debian specific. ---- a/src/su.c -+++ b/src/su.c +Index: git/src/su.c +=================================================================== +--- git.orig/src/su.c ++++ git/src/su.c @@ -104,6 +104,19 @@ /* If nonzero, change some environment vars to indicate the user su'd to. */ static bool change_environment = true; @@ -30,7 +32,7 @@ Status wrt upstream: This patch is Debian specific. #ifdef USE_PAM static pam_handle_t *pamh = NULL; static int caught = 0; -@@ -950,6 +963,8 @@ +@@ -949,6 +962,8 @@ int ret; #endif /* USE_PAM */ @@ -39,7 +41,7 @@ Status wrt upstream: This patch is Debian specific. (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); -@@ -1154,7 +1169,7 @@ +@@ -1156,7 +1171,7 @@ * resulting string is always given to the shell with its * -c option. */ diff --git a/debian/patches/542_useradd-O_option b/debian/patches/542_useradd-O_option index 506352f1..d5607f6f 100644 --- a/debian/patches/542_useradd-O_option +++ b/debian/patches/542_useradd-O_option @@ -5,9 +5,11 @@ Note: useradd.8 needs to be regenerated. Status wrt upstream: not included as this is just specific backward compatibility for Debian ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -321,6 +321,11 @@ +Index: git/man/useradd.8.xml +=================================================================== +--- git.orig/man/useradd.8.xml ++++ git/man/useradd.8.xml +@@ -329,6 +329,11 @@ databases are resetted to avoid reusing the entry from a previously deleted user. @@ -19,9 +21,11 @@ Status wrt upstream: not included as this is just specific ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1011,9 +1011,9 @@ +Index: git/src/useradd.c +=================================================================== +--- git.orig/src/useradd.c ++++ git/src/useradd.c +@@ -1056,9 +1056,9 @@ }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX @@ -33,7 +37,7 @@ Status wrt upstream: not included as this is just specific #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { -@@ -1136,6 +1136,7 @@ +@@ -1181,6 +1181,7 @@ kflg = true; break; case 'K': -- cgit v1.2.1