From 0b381dd66f9bdaf037466ef813f307c003697be5 Mon Sep 17 00:00:00 2001
From: James Meyer <james.meyer@operamail.com>
Date: Tue, 7 Aug 2012 13:56:35 -0500
Subject: shadow 4.1.51

---
 abs/core/shadow/LICENSE                            |  31 +++++
 abs/core/shadow/PKGBUILD                           | 154 +++++++++++++--------
 abs/core/shadow/chage                              |   6 -
 abs/core/shadow/chpasswd                           |   2 +-
 abs/core/shadow/chsh                               |   6 -
 abs/core/shadow/login                              |  21 ---
 abs/core/shadow/login.defs                         |  21 ---
 abs/core/shadow/newusers                           |   2 +-
 abs/core/shadow/passwd                             |   4 +-
 abs/core/shadow/shadow                             |   6 -
 .../shadow/shadow-4.1.4.2-groupmod-pam-check.patch |  21 ---
 abs/core/shadow/shadow-strncpy-usage.patch         |  25 ++++
 abs/core/shadow/shadow.install                     |   7 +-
 13 files changed, 158 insertions(+), 148 deletions(-)
 create mode 100644 abs/core/shadow/LICENSE
 delete mode 100644 abs/core/shadow/chage
 delete mode 100644 abs/core/shadow/chsh
 delete mode 100644 abs/core/shadow/login
 delete mode 100644 abs/core/shadow/shadow
 delete mode 100644 abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch
 create mode 100644 abs/core/shadow/shadow-strncpy-usage.patch

diff --git a/abs/core/shadow/LICENSE b/abs/core/shadow/LICENSE
new file mode 100644
index 0000000..c5ab15a
--- /dev/null
+++ b/abs/core/shadow/LICENSE
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+ * Copyright (c) 2007 - 2009, Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ *    endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
diff --git a/abs/core/shadow/PKGBUILD b/abs/core/shadow/PKGBUILD
index f8afc52..971b59a 100644
--- a/abs/core/shadow/PKGBUILD
+++ b/abs/core/shadow/PKGBUILD
@@ -1,97 +1,131 @@
-# $Id: PKGBUILD 81313 2010-05-28 01:29:23Z ibiru $
+# $Id: PKGBUILD 162993 2012-07-04 21:45:24Z dreisner $
+# Maintainer: Dave Reisner <dreisner@archlinux.org>
 # Maintainer: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=shadow
-pkgver=4.1.4.2
-pkgrel=3
-pkgdesc="Shadow password file utilities"
+pkgver=4.1.5.1
+pkgrel=1
+pkgdesc="Password and account management tool suite with support for shadow files and PAM"
 arch=('i686' 'x86_64')
 url='http://pkg-shadow.alioth.debian.org/'
-license=('custom')
+license=('BSD')
 groups=('base')
-depends=('bash')
+depends=('bash' 'pam' 'acl')
 backup=(etc/login.defs
-        etc/pam.d/{chage,login,passwd,shadow,useradd,usermod,userdel}
+        etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
         etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
-        etc/pam.d/{chfn,chgpasswd,groupmems,chsh}
+        etc/pam.d/{chgpasswd,groupmems}
         etc/default/useradd)
-depends=('pam')
-source=(ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-$pkgver.tar.bz2
-        useradd.defaults login passwd chgpasswd chpasswd newusers defaults.pam
-	login.defs adduser shadow.cron.daily xstrdup.patch shadow-4.1.4.2-groupmod-pam-check.patch)
-options=(!libtool)
-install=shadow.install
-md5sums=('d593a9cab93c48ee0a6ba056db8c1997'
-         'beb64d09256ea46a4d96a783f096447f'
-         'a7597cb2f60d7544d8d0ba6e49f6d937'
-         'b84204ab731bd02dca49d0637d44ebec'
-         '65e9ebce249a5b9ed021e2790452b9e1'
-         '453a98456b297d2a69ca7e9b5f40d10b'
-         '453a98456b297d2a69ca7e9b5f40d10b'
-         'a31374fef2cba0ca34dfc7078e2969e4'
-         'fad9a7116366f7775b1099290be840da'
-         '6ce67e423ee19c87ae64f661310b2408'
-         '1d64b4113e1d402746d9dd65f28a2c6f'
-         '0eebe9d13065bec4b5d7ccf3bf46c509'
-         '7b747f7dca38b0b6e8ee56434378baae')
+options=('!libtool')
+install='shadow.install'
+source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig}
+        LICENSE
+        adduser
+        chgpasswd
+        chpasswd
+        defaults.pam
+        login.defs
+        newusers
+        passwd
+        shadow.cron.daily
+        useradd.defaults
+        xstrdup.patch
+        shadow-strncpy-usage.patch)
+sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30'
+          '126570e2939bf3b57f28df5197ab9309747a6b5c'
+          '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
+          '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'
+          '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
+          '12427b1ca92a9b85ca8202239f0d9f50198b818f'
+          '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
+          'e5cab2118ecb1e61874cde842d7d04d1003f35cb'
+          '12427b1ca92a9b85ca8202239f0d9f50198b818f'
+          '611be25d91c3f8f307c7fe2485d5f781e5dee75f'
+          '5d83ba7e11c765c951867cbe00b0ae7ff57148fa'
+          '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
+          '6010fffeed1fc6673ad9875492e1193b1a847b53'
+          '21e12966a6befb25ec123b403cd9b5c492fe5b16')
 
 build() {
-  cd $srcdir/$pkgname-$pkgver
+  cd "$pkgname-$pkgver"
 
-  #Ugh, force this to build shared libraries, for god's sake
-  sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am
-  libtoolize
-  autoreconf
-  export LDFLAGS="$LDFLAGS -lcrypt"
+  # avoid transitive linking issues with binutils 2.22
+  sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
 
-  patch -Np1 -i $srcdir/xstrdup.patch || return 1
-  patch -Np1 -i $srcdir/shadow-4.1.4.2-groupmod-pam-check.patch || return 1
+  # link to glibc's crypt(3)
+  LDFLAGS+=" -lcrypt"
+
+  # need to offer these upstream
+  patch -Np1 <"$srcdir/xstrdup.patch"
+  patch -Np1 <"$srcdir/shadow-strncpy-usage.patch"
 
   # supress etc/pam.d/*, we provide our own
   sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
 
   ./configure \
-    --prefix=/usr --libdir=/lib \
-    --mandir=/usr/share/man --sysconfdir=/etc \
-    --enable-shared --disable-static \
-    --with-libpam --without-selinux
-  make || return 1
+    --prefix=/usr \
+    --libdir=/lib \
+    --mandir=/usr/share/man \
+    --sysconfdir=/etc \
+    --with-libpam \
+    --without-selinux
+
+  make
 }
+
 package() {
-  cd $srcdir/$pkgname-$pkgver
-  make DESTDIR=$pkgdir install
+  cd "$pkgname-$pkgver"
+
+  make DESTDIR="$pkgdir" install
 
   # license
-  install -Dm644 COPYING $pkgdir/usr/share/licenses/shadow/COPYING
+  install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
 
   # interactive useradd
-  install -Dm755 $srcdir/adduser $pkgdir/usr/sbin/adduser
+  install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser"
 
   # useradd defaults
-  install -Dm644 $srcdir/useradd.defaults $pkgdir/etc/default/useradd
+  install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
 
   # cron job
-  install -Dm744 $srcdir/shadow.cron.daily $pkgdir/etc/cron.daily/shadow
+  install -Dm744 "$srcdir/shadow.cron.daily" "$pkgdir/etc/cron.daily/shadow"
 
   # login.defs
-  install -Dm644 $srcdir/login.defs $pkgdir/etc/login.defs
-
-  # PAM config - cutsom
-  install -Dm644 $srcdir/login $pkgdir/etc/pam.d/login
-  install -Dm644 $srcdir/passwd $pkgdir/etc/pam.d/passwd
-  install -Dm644 $srcdir/chgpasswd $pkgdir/etc/pam.d/chgpasswd
-  install -Dm644 $srcdir/chpasswd $pkgdir/etc/pam.d/chpasswd
-  install -Dm644 $srcdir/newusers $pkgdir/etc/pam.d/newusers
+  install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
+
+  # PAM config - custom
+  install -dm755 "$pkgdir/etc/pam.d"
+  install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers}
+
   # PAM config - from tarball
-  install -Dm644 etc/pam.d/groupmems $pkgdir/etc/pam.d/groupmems
+  install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems"
 
   # we use the 'useradd' PAM file for other similar utilities
-  for file in chage chfn chsh groupadd groupdel groupmod shadow \
+  for file in chage groupadd groupdel groupmod shadow \
       useradd usermod userdel; do
-    install -Dm644 $srcdir/defaults.pam $pkgdir/etc/pam.d/$file
+    install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file"
   done
 
-  # Remove su - using su from coreutils instead
-  rm -v $pkgdir/bin/su
-  find $pkgdir/usr/share/man -name 'su.1' -exec rm -v {} \;
+  # Remove utilities provided by util-linux
+  rm \
+      "$pkgdir"/usr/bin/{chsh,chfn,sg} \
+      "$pkgdir"/bin/{login,su} \
+      "$pkgdir"/usr/sbin/{vipw,vigr}
+
+  # but we keep newgrp, as sg is really an alias to it
+  mv "$pkgdir"/usr/bin/{newgrp,sg}
+
+  # ...and their many man pages
+  find "$pkgdir"/usr/share/man \
+      '(' -name 'chsh.1'  -o \
+          -name 'chfn.1'  -o \
+          -name 'su.1'    -o \
+          -name 'login.1' -o \
+          -name 'vipw.8'  -o \
+          -name 'vigr.8'  -o \
+          -name 'newgrp.1' ')' \
+      -delete
+  rmdir \
+      "$pkgdir"/usr/share/man/{fi,id,zh_TW}/man1 \
+      "$pkgdir"/usr/share/man/{fi,ko/man8}
 }
diff --git a/abs/core/shadow/chage b/abs/core/shadow/chage
deleted file mode 100644
index a7bf8a4..0000000
--- a/abs/core/shadow/chage
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
-account		required	pam_unix.so
-session		required	pam_unix.so
-password	required	pam_permit.so
diff --git a/abs/core/shadow/chpasswd b/abs/core/shadow/chpasswd
index bc14857..5d44798 100644
--- a/abs/core/shadow/chpasswd
+++ b/abs/core/shadow/chpasswd
@@ -3,4 +3,4 @@ auth		sufficient	pam_rootok.so
 auth		required	pam_unix.so
 account		required	pam_unix.so
 session		required	pam_unix.so
-password 	required 	pam_unix.so md5 shadow
+password 	required 	pam_unix.so sha512 shadow
diff --git a/abs/core/shadow/chsh b/abs/core/shadow/chsh
deleted file mode 100644
index a7bf8a4..0000000
--- a/abs/core/shadow/chsh
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
-account		required	pam_unix.so
-session		required	pam_unix.so
-password	required	pam_permit.so
diff --git a/abs/core/shadow/login b/abs/core/shadow/login
deleted file mode 100644
index 2230dd0..0000000
--- a/abs/core/shadow/login
+++ /dev/null
@@ -1,21 +0,0 @@
-#%PAM-1.0
-auth		required	pam_securetty.so
-auth		requisite	pam_nologin.so
-auth		required	pam_unix.so nullok
-auth		required	pam_tally.so onerr=succeed file=/var/log/faillog
-# use this to lockout accounts for 10 minutes after 3 failed attempts
-#auth		required	pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
-account		required	pam_access.so
-account		required	pam_time.so
-account		required	pam_unix.so
-#password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-#password	required	pam_unix.so md5 shadow use_authtok
-session		required	pam_unix.so
-session		required	pam_env.so
-session		required	pam_motd.so
-session		required	pam_limits.so
-session		optional	pam_mail.so dir=/var/spool/mail standard
-session		optional	pam_lastlog.so
-# install consolekit and uncomment the line below
-#   to have ACL handle non-standard udev permissions
-#session		optional	pam_ck_connector.so
diff --git a/abs/core/shadow/login.defs b/abs/core/shadow/login.defs
index 653e14e..2500ee4 100644
--- a/abs/core/shadow/login.defs
+++ b/abs/core/shadow/login.defs
@@ -187,27 +187,6 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# When prompting for password without echo, getpass() can optionally
-# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
-# characters for each character typed.  This feature is designed to
-# confuse people looking over your shoulder when you enter a password :-).
-# Also, the new getpass() accepts both Backspace (8) and Delete (127)
-# keys to delete previous character (to cope with different terminal
-# types), Control-U to delete all characters, and beeps when there are
-# no more characters to delete, or too many characters entered.
-#
-# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
-# exactly one '*' displayed for each character typed.
-#
-# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
-# Delete, Control-U and beep continue to work as described above).
-#
-# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
-# without any new features.  This is the default.
-#
-#GETPASS_ASTERISKS 1
-
-#
 # Enable setting of the umask group bits to be the same as owner bits
 # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
 # the same as gid, and username is the same as the primary group name.
diff --git a/abs/core/shadow/newusers b/abs/core/shadow/newusers
index bc14857..5d44798 100644
--- a/abs/core/shadow/newusers
+++ b/abs/core/shadow/newusers
@@ -3,4 +3,4 @@ auth		sufficient	pam_rootok.so
 auth		required	pam_unix.so
 account		required	pam_unix.so
 session		required	pam_unix.so
-password 	required 	pam_unix.so md5 shadow
+password 	required 	pam_unix.so sha512 shadow
diff --git a/abs/core/shadow/passwd b/abs/core/shadow/passwd
index 1ffd1bd..ab56da4 100644
--- a/abs/core/shadow/passwd
+++ b/abs/core/shadow/passwd
@@ -1,4 +1,4 @@
 #%PAM-1.0
 #password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-#password	required	pam_unix.so md5 shadow use_authtok
-password	required	pam_unix.so md5 shadow nullok
+#password	required	pam_unix.so sha512 shadow use_authtok
+password	required	pam_unix.so sha512 shadow nullok
diff --git a/abs/core/shadow/shadow b/abs/core/shadow/shadow
deleted file mode 100644
index a7bf8a4..0000000
--- a/abs/core/shadow/shadow
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
-account		required	pam_unix.so
-session		required	pam_unix.so
-password	required	pam_permit.so
diff --git a/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch b/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch
deleted file mode 100644
index f25c4e1..0000000
--- a/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-http://bugs.gentoo.org/300790
-http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
-
-2009-11-05  Nicolas François  <nicolas.francois@centraliens.net>
-
-	* NEWS, src/groupmod.c: Fixed groupmod when configured with
-	--enable-account-tools-setuid.
-
-diff --git a/src/groupmod.c b/src/groupmod.c
-index 4205df2..da6d77f 100644
---- a/src/groupmod.c
-+++ b/src/groupmod.c
-@@ -724,7 +724,7 @@ int main (int argc, char **argv)
- 	{
- 		struct passwd *pampw;
- 		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
--		if (NULL == pamh) {
-+		if (NULL == pampw) {
- 			fprintf (stderr,
- 			         _("%s: Cannot determine your user name.\n"),
- 			         Prog);
diff --git a/abs/core/shadow/shadow-strncpy-usage.patch b/abs/core/shadow/shadow-strncpy-usage.patch
new file mode 100644
index 0000000..5aba8fa
--- /dev/null
+++ b/abs/core/shadow/shadow-strncpy-usage.patch
@@ -0,0 +1,25 @@
+diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
+--- shadow-4.1.5/src/usermod.c.orig	2012-02-13 08:19:43.792146449 -0500
++++ shadow-4.1.5/src/usermod.c	2012-02-13 08:21:19.375114500 -0500
+@@ -182,7 +182,7 @@
+ 	struct tm *tp;
+ 
+ 	if (date < 0) {
+-		strncpy (buf, "never", maxsize);
++		strncpy (buf, "never", maxsize - 1);
+ 	} else {
+ 		time_t t = (time_t) date;
+ 		tp = gmtime (&t);
+diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
+--- shadow-4.1.5/src/login.c.orig	2012-02-13 08:19:50.951994454 -0500
++++ shadow-4.1.5/src/login.c	2012-02-13 08:21:04.490430937 -0500
+@@ -752,7 +752,8 @@
+ 			          _("%s login: "), hostn);
+ 		} else {
+ 			strncpy (loginprompt, _("login: "),
+-			         sizeof (loginprompt));
++			         sizeof (loginprompt) - 1);
++			loginprompt[sizeof (loginprompt) - 1] = '\0';
+ 		}
+ 
+ 		retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/abs/core/shadow/shadow.install b/abs/core/shadow/shadow.install
index c1bd106..14384c3 100644
--- a/abs/core/shadow/shadow.install
+++ b/abs/core/shadow/shadow.install
@@ -1,8 +1,9 @@
 post_upgrade() {
-  grpck -r &>/dev/null
+  grpck -r >/dev/null 2>&1
   if [ $? -eq 2 ]; then
-    echo "Fixing gshadow file ..."
-    while :; do echo "y"; done | grpck &>/dev/null
+    printf '%s\n' \
+      "==> Warning: /etc/group or /etc/gshadow are inconsistent." \
+      "    Run 'grpck' to correct this."
   fi
   return 0
 }
-- 
cgit v0.12