From 21f3deaaa33c04b3bc0d7fc0c682ee105a251dfb Mon Sep 17 00:00:00 2001
From: Michael Hanson <hansonorders@verizon.net>
Date: Tue, 30 Nov 2010 01:52:12 +0000
Subject: shadow: upgrade

---
 abs/core/shadow/PKGBUILD                           | 71 +++++++++++++---------
 abs/core/shadow/chgpasswd                          |  4 ++
 abs/core/shadow/chpasswd                           |  6 ++
 abs/core/shadow/login                              |  3 +
 abs/core/shadow/login.defs                         |  8 ++-
 abs/core/shadow/newusers                           |  6 ++
 .../shadow/shadow-4.1.4.2-groupmod-pam-check.patch | 21 +++++++
 abs/core/shadow/shadow.install                     | 13 ++--
 8 files changed, 93 insertions(+), 39 deletions(-)
 create mode 100644 abs/core/shadow/chgpasswd
 create mode 100644 abs/core/shadow/chpasswd
 create mode 100644 abs/core/shadow/newusers
 create mode 100644 abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch

diff --git a/abs/core/shadow/PKGBUILD b/abs/core/shadow/PKGBUILD
index 89fba13..f8afc52 100644
--- a/abs/core/shadow/PKGBUILD
+++ b/abs/core/shadow/PKGBUILD
@@ -1,14 +1,15 @@
-# $Id: PKGBUILD 10738 2008-08-31 05:33:35Z aaron $
+# $Id: PKGBUILD 81313 2010-05-28 01:29:23Z ibiru $
 # Maintainer: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=shadow
-pkgver=4.1.2.1
-pkgrel=2
+pkgver=4.1.4.2
+pkgrel=3
 pkgdesc="Shadow password file utilities"
-arch=(i686 x86_64)
+arch=('i686' 'x86_64')
 url='http://pkg-shadow.alioth.debian.org/'
 license=('custom')
 groups=('base')
+depends=('bash')
 backup=(etc/login.defs
         etc/pam.d/{chage,login,passwd,shadow,useradd,usermod,userdel}
         etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
@@ -16,22 +17,26 @@ backup=(etc/login.defs
         etc/default/useradd)
 depends=('pam')
 source=(ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-$pkgver.tar.bz2
-        useradd.defaults login passwd defaults.pam login.defs adduser shadow.cron.daily
-        xstrdup.patch)
+        useradd.defaults login passwd chgpasswd chpasswd newusers defaults.pam
+	login.defs adduser shadow.cron.daily xstrdup.patch shadow-4.1.4.2-groupmod-pam-check.patch)
 options=(!libtool)
-install='shadow.install'
-md5sums=('c178e49c45495e296dabbe4ae01a0fbe'
+install=shadow.install
+md5sums=('d593a9cab93c48ee0a6ba056db8c1997'
          'beb64d09256ea46a4d96a783f096447f'
-         '0aa429de6773ebcdf89db80165379cc6'
+         'a7597cb2f60d7544d8d0ba6e49f6d937'
          'b84204ab731bd02dca49d0637d44ebec'
+         '65e9ebce249a5b9ed021e2790452b9e1'
+         '453a98456b297d2a69ca7e9b5f40d10b'
+         '453a98456b297d2a69ca7e9b5f40d10b'
          'a31374fef2cba0ca34dfc7078e2969e4'
-         '3699bed31154051c0508a890d6d95027'
+         'fad9a7116366f7775b1099290be840da'
          '6ce67e423ee19c87ae64f661310b2408'
          '1d64b4113e1d402746d9dd65f28a2c6f'
-         '0eebe9d13065bec4b5d7ccf3bf46c509')
+         '0eebe9d13065bec4b5d7ccf3bf46c509'
+         '7b747f7dca38b0b6e8ee56434378baae')
 
 build() {
-  cd $startdir/src/$pkgname-$pkgver
+  cd $srcdir/$pkgname-$pkgver
 
   #Ugh, force this to build shared libraries, for god's sake
   sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am
@@ -39,48 +44,54 @@ build() {
   autoreconf
   export LDFLAGS="$LDFLAGS -lcrypt"
 
-  patch -Np1 -i $startdir/src/xstrdup.patch || return 1
+  patch -Np1 -i $srcdir/xstrdup.patch || return 1
+  patch -Np1 -i $srcdir/shadow-4.1.4.2-groupmod-pam-check.patch || return 1
 
   # supress etc/pam.d/*, we provide our own
   sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
 
   ./configure \
-  	--prefix=/usr --libdir=/lib \
-	--mandir=/usr/share/man --sysconfdir=/etc \
+    --prefix=/usr --libdir=/lib \
+    --mandir=/usr/share/man --sysconfdir=/etc \
     --enable-shared --disable-static \
     --with-libpam --without-selinux
   make || return 1
-  make DESTDIR=$startdir/pkg install
+}
+package() {
+  cd $srcdir/$pkgname-$pkgver
+  make DESTDIR=$pkgdir install
 
   # license
-  install -D -m644 COPYING $startdir/pkg/usr/share/licenses/shadow/COPYING
+  install -Dm644 COPYING $pkgdir/usr/share/licenses/shadow/COPYING
 
   # interactive useradd
-  install -D -m755 $startdir/src/adduser $startdir/pkg/usr/sbin/adduser
+  install -Dm755 $srcdir/adduser $pkgdir/usr/sbin/adduser
 
   # useradd defaults
-  install -D -m644 $startdir/src/useradd.defaults $startdir/pkg/etc/default/useradd
+  install -Dm644 $srcdir/useradd.defaults $pkgdir/etc/default/useradd
 
   # cron job
-  install -D -m744 $startdir/src/shadow.cron.daily $startdir/pkg/etc/cron.daily/shadow
+  install -Dm744 $srcdir/shadow.cron.daily $pkgdir/etc/cron.daily/shadow
 
   # login.defs
-  install -D -m644 $startdir/src/login.defs $startdir/pkg/etc/login.defs
+  install -Dm644 $srcdir/login.defs $pkgdir/etc/login.defs
 
   # PAM config - cutsom
-  install -D -m644 $startdir/src/login $startdir/pkg/etc/pam.d/login
-  install -D -m644 $startdir/src/passwd $startdir/pkg/etc/pam.d/passwd
+  install -Dm644 $srcdir/login $pkgdir/etc/pam.d/login
+  install -Dm644 $srcdir/passwd $pkgdir/etc/pam.d/passwd
+  install -Dm644 $srcdir/chgpasswd $pkgdir/etc/pam.d/chgpasswd
+  install -Dm644 $srcdir/chpasswd $pkgdir/etc/pam.d/chpasswd
+  install -Dm644 $srcdir/newusers $pkgdir/etc/pam.d/newusers
   # PAM config - from tarball
-  install -D -m644 etc/pam.d/chgpasswd $startdir/pkg/etc/pam.d/chgpasswd
-  install -D -m644 etc/pam.d/groupmems $startdir/pkg/etc/pam.d/groupmems
+  install -Dm644 etc/pam.d/groupmems $pkgdir/etc/pam.d/groupmems
 
   # we use the 'useradd' PAM file for other similar utilities
-  for file in chage chpasswd chfn chsh groupadd groupdel groupmod \
-      newusers shadow useradd usermod userdel; do
-    install -D -m644 $startdir/src/defaults.pam $startdir/pkg/etc/pam.d/$file
+  for file in chage chfn chsh groupadd groupdel groupmod shadow \
+      useradd usermod userdel; do
+    install -Dm644 $srcdir/defaults.pam $pkgdir/etc/pam.d/$file
   done
 
   # Remove su - using su from coreutils instead
-  rm -v $startdir/pkg/bin/su
-  find $startdir/pkg/usr/share/man -name 'su.1' -exec rm -v {} \;
+  rm -v $pkgdir/bin/su
+  find $pkgdir/usr/share/man -name 'su.1' -exec rm -v {} \;
 }
diff --git a/abs/core/shadow/chgpasswd b/abs/core/shadow/chgpasswd
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/abs/core/shadow/chgpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/abs/core/shadow/chpasswd b/abs/core/shadow/chpasswd
new file mode 100644
index 0000000..bc14857
--- /dev/null
+++ b/abs/core/shadow/chpasswd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+auth		required	pam_unix.so
+account		required	pam_unix.so
+session		required	pam_unix.so
+password 	required 	pam_unix.so md5 shadow
diff --git a/abs/core/shadow/login b/abs/core/shadow/login
index 5d4ceeb..2230dd0 100644
--- a/abs/core/shadow/login
+++ b/abs/core/shadow/login
@@ -16,3 +16,6 @@ session		required	pam_motd.so
 session		required	pam_limits.so
 session		optional	pam_mail.so dir=/var/spool/mail standard
 session		optional	pam_lastlog.so
+# install consolekit and uncomment the line below
+#   to have ACL handle non-standard udev permissions
+#session		optional	pam_ck_connector.so
diff --git a/abs/core/shadow/login.defs b/abs/core/shadow/login.defs
index 9b1fab0..653e14e 100644
--- a/abs/core/shadow/login.defs
+++ b/abs/core/shadow/login.defs
@@ -131,12 +131,18 @@ PASS_WARN_AGE	7
 #
 UID_MIN			 1000
 UID_MAX			60000
+# System accounts
+SYS_UID_MIN		  500
+SYS_UID_MAX		  999
 
 #
 # Min/max values for automatic gid selection in groupadd
 #
-GID_MIN			  100
+GID_MIN			 1000
 GID_MAX			60000
+# System accounts
+SYS_GID_MIN		  500
+SYS_GID_MAX		  999
 
 #
 # Max number of login retries if password is bad
diff --git a/abs/core/shadow/newusers b/abs/core/shadow/newusers
new file mode 100644
index 0000000..bc14857
--- /dev/null
+++ b/abs/core/shadow/newusers
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+auth		required	pam_unix.so
+account		required	pam_unix.so
+session		required	pam_unix.so
+password 	required 	pam_unix.so md5 shadow
diff --git a/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch b/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch
new file mode 100644
index 0000000..f25c4e1
--- /dev/null
+++ b/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch
@@ -0,0 +1,21 @@
+http://bugs.gentoo.org/300790
+http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
+
+2009-11-05  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/groupmod.c: Fixed groupmod when configured with
+	--enable-account-tools-setuid.
+
+diff --git a/src/groupmod.c b/src/groupmod.c
+index 4205df2..da6d77f 100644
+--- a/src/groupmod.c
++++ b/src/groupmod.c
+@@ -724,7 +724,7 @@ int main (int argc, char **argv)
+ 	{
+ 		struct passwd *pampw;
+ 		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+-		if (NULL == pamh) {
++		if (NULL == pampw) {
+ 			fprintf (stderr,
+ 			         _("%s: Cannot determine your user name.\n"),
+ 			         Prog);
diff --git a/abs/core/shadow/shadow.install b/abs/core/shadow/shadow.install
index 881a67b..c1bd106 100644
--- a/abs/core/shadow/shadow.install
+++ b/abs/core/shadow/shadow.install
@@ -1,11 +1,8 @@
 post_upgrade() {
-  # fix gshadow
-  if [ "$(grpck -r)" ]; then
-     echo "Fixing gshadow file ..."
-     while :; do echo "y"; done | grpck
+  grpck -r &>/dev/null
+  if [ $? -eq 2 ]; then
+    echo "Fixing gshadow file ..."
+    while :; do echo "y"; done | grpck &>/dev/null
   fi
+  return 0
 }
-
-op=$1
-shift
-$op $*
-- 
cgit v0.12