Ubuntu
shadow package

Merge lp:ubuntu/utopic/shadow into lp:ubuntu/trusty/shadow

  1. Utopic (14.10)
  2. utopic
  3. Merge into trusty
Proposed by Jeffrey Flaker
Status: Needs review
Proposed branch: lp:ubuntu/utopic/shadow
Merge into: lp:ubuntu/trusty/shadow
Diff against target: 324 lines (+239/-15)
5 files modified
debian/changelog (+52/-0)
debian/control (+3/-2)
debian/patches/1010_extrausers.patch (+176/-0)
debian/patches/series (+1/-0)
debian/rules (+7/-13)
To merge this branch: bzr merge lp:ubuntu/utopic/shadow
Reviewer Review Type Date Requested Status
Daniel Holbach (community) Needs Information
Review via email: mp+232807@code.launchpad.net

Description of the change

Fixed spelling error in bug 1348873

To post a comment you must log in.
Revision history for this message
Daniel Holbach (dholbach) wrote :

To get into a stable release, this will need to follow: https://wiki.ubuntu.com/StableReleaseUpdates

The changes below are also more than just a spelling fix.

review: Needs Information
Reply

Unmerged revisions

66. By Michael Terry

* debian/patches/1010_extrausers.patch:
  - Add support to passwd for libnss-extrausers by falling back to the
    /var/lib/extrausers/ locations if it exists when updating
    passwd or shadow.

65. By Stéphane Graber

* Merge from Debian unstable. Remaining changes:
   - debian/passwd.upstart: Add an upstrat job to clear locks on
     [shadow-]passwd/group. (LP: #523896).
   - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
     in LXC with Precise.
   - debian/login.defs:
     + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
       handling does not only apply to "former (pre-PAM) uses".
     + Update documentation of UMASK: Explain that USERGROUPS_ENAB
       will modify this default for UPGs. (Closes: #583971)
   - debian/{source_shadow.py,rules}: Add apport hook
   - debian/patches/495_stdout-encrypted-password: chpasswd can report
     password hashes on stdout (Debian bug 505640).
   - Install upstart job by-hand, instead of using dh_installinit to avoid
     dependency on upstart-job.
   - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
     /etc/update-motd.d/* scripts twice (LP: #1169558).
   - debian/patches/496_su_kill_process_group: Kill the child process group,
     rather than just the immediate child; this is needed now that su no
     longer starts a controlling terminal when not running an interactive
     shell (closes: #713979).
   - Add uidmap package based on upstream patches that introduce
     newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
     updates on those to widen the default allocation to 65536 uids and gids
     and only assign ranges to non-system users.

64. By Stéphane Graber

releasing version 1:4.1.5.1-1.1ubuntu1

63. By Stéphane Graber

Merge from Debian unstable

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2014-02-17 00:33:53 +0000
3+++ debian/changelog 2014-08-31 02:23:26 +0000
4@@ -1,3 +1,55 @@
5+shadow (1:4.1.5.1-1.1ubuntu2) utopic; urgency=medium
6+
7+ * debian/patches/1010_extrausers.patch:
8+ - Add support to passwd for libnss-extrausers by falling back to the
9+ /var/lib/extrausers/ locations if it exists when updating
10+ passwd or shadow.
11+
12+ -- Michael Terry <mterry@ubuntu.com> Fri, 18 Jul 2014 10:00:44 -0400
13+
14+shadow (1:4.1.5.1-1.1ubuntu1) utopic; urgency=medium
15+
16+ * Merge from Debian unstable. Remaining changes:
17+ - debian/passwd.upstart: Add an upstrat job to clear locks on
18+ [shadow-]passwd/group. (LP: #523896).
19+ - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
20+ in LXC with Precise.
21+ - debian/login.defs:
22+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
23+ handling does not only apply to "former (pre-PAM) uses".
24+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
25+ will modify this default for UPGs. (Closes: #583971)
26+ - debian/{source_shadow.py,rules}: Add apport hook
27+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
28+ password hashes on stdout (Debian bug 505640).
29+ - Install upstart job by-hand, instead of using dh_installinit to avoid
30+ dependency on upstart-job.
31+ - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
32+ /etc/update-motd.d/* scripts twice (LP: #1169558).
33+ - debian/patches/496_su_kill_process_group: Kill the child process group,
34+ rather than just the immediate child; this is needed now that su no
35+ longer starts a controlling terminal when not running an interactive
36+ shell (closes: #713979).
37+ - Add uidmap package based on upstream patches that introduce
38+ newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
39+ updates on those to widen the default allocation to 65536 uids and gids
40+ and only assign ranges to non-system users.
41+
42+ -- Stéphane Graber <stgraber@ubuntu.com> Fri, 02 May 2014 15:17:15 -0400
43+
44+shadow (1:4.1.5.1-1.1) unstable; urgency=medium
45+
46+ * Non-maintainer upload.
47+
48+ [ Eric Dorland ]
49+ * Switch to automake1.11. (Closes: #724434)
50+
51+ [ Samuel Thibault ]
52+ * Enable the login package on hurd-any, but without /bin/login, still provided
53+ by the hurd package. Closes: #737805.
54+
55+ -- Samuel Thibault <sthibault@debian.org> Sun, 16 Mar 2014 20:58:24 +0100
56+
57 shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium
58
59 * Set our subuid and subgid range to 65536 uids by default.
60
61=== modified file 'debian/control'
62--- debian/control 2013-06-28 11:31:51 +0000
63+++ debian/control 2014-08-31 02:23:26 +0000
64@@ -5,7 +5,7 @@
65 XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
66 Standards-Version: 3.9.3
67 Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
68-Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3)
69+Build-Depends: autoconf, automake1.11, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3)
70 Vcs-Svn: svn://svn.debian.org/svn/pkg-shadow/debian/trunk
71 Vcs-Browser: http://svn.debian.org/viewsvn/pkg-shadow/debian/trunk
72 Homepage: http://pkg-shadow.alioth.debian.org/
73@@ -25,7 +25,8 @@
74 Architecture: any
75 Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime, libpam-modules
76 Conflicts: gnunet (<< 0.7.0c-2), amavisd-new (<<2.3.3-8), python-4suite (<< 0.99cvs20060405-1), backupninja (<< 0.9.3-5), echolot (<< 2.1.8-4)
77-Replaces: manpages-de (<< 0.5-3), manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1)
78+Breaks: coreutils (<< 8.21-1.1~) [hurd-any], passwd (<< 1:4.1.5.1-1.1~) [hurd-any], hurd (<< 1:0.5.git20140206~) [hurd-any]
79+Replaces: manpages-de (<< 0.5-3), manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1), coreutils (<< 8.21-1.1~) [hurd-any], passwd (<< 1:4.1.5.1-1.1~) [hurd-any], hurd (<< 1:0.5.git20140206~) [hurd-any]
80 Essential: yes
81 Description: system login tools
82 These tools are required to be able to login and use your system. The
83
84=== added file 'debian/patches/1010_extrausers.patch'
85--- debian/patches/1010_extrausers.patch 1970-01-01 00:00:00 +0000
86+++ debian/patches/1010_extrausers.patch 2014-08-31 02:23:26 +0000
87@@ -0,0 +1,176 @@
88+Description: Add support to passwd for updating libnss-extrausers locations
89+Author: Michael Terry <michael.terry@canonical.com>
90+
91+Index: shadow-4.1.5.1/lib/defines.h
92+===================================================================
93+--- shadow-4.1.5.1.orig/lib/defines.h
94++++ shadow-4.1.5.1/lib/defines.h
95+@@ -316,6 +316,14 @@ char *strchr (), *strrchr (), *strtok ()
96+ #endif
97+ #endif
98+
99++#ifndef EXTRAUSERS_PASSWD_FILE
100++#define EXTRAUSERS_PASSWD_FILE "/var/lib/extrausers/passwd"
101++#endif
102++
103++#ifndef EXTRAUSERS_SHADOW_FILE
104++#define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
105++#endif
106++
107+ #ifndef NULL
108+ #define NULL ((void *) 0)
109+ #endif
110+Index: shadow-4.1.5.1/src/passwd.c
111+===================================================================
112+--- shadow-4.1.5.1.orig/src/passwd.c
113++++ shadow-4.1.5.1/src/passwd.c
114+@@ -544,8 +544,15 @@ static void update_noshadow (void)
115+ {
116+ const struct passwd *pw;
117+ struct passwd *npw;
118++ bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
119++ access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
120+
121+ if (pw_lock () == 0) {
122++ if (try_extrausers) {
123++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
124++ update_noshadow ();
125++ return;
126++ }
127+ (void) fprintf (stderr,
128+ _("%s: cannot lock %s; try again later.\n"),
129+ Prog, pw_dbname ());
130+@@ -553,6 +560,20 @@ static void update_noshadow (void)
131+ }
132+ pw_locked = true;
133+ if (pw_open (O_RDWR) == 0) {
134++ if (try_extrausers) {
135++ if (pw_unlock () == 0) {
136++ (void) fprintf (stderr,
137++ _("%s: failed to unlock %s\n"),
138++ Prog, pw_dbname ());
139++ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
140++ /* continue */
141++ }
142++ pw_locked = false;
143++
144++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
145++ update_noshadow ();
146++ return;
147++ }
148+ (void) fprintf (stderr,
149+ _("%s: cannot open %s\n"),
150+ Prog, pw_dbname ());
151+@@ -561,6 +582,21 @@ static void update_noshadow (void)
152+ }
153+ pw = pw_locate (name);
154+ if (NULL == pw) {
155++ if (try_extrausers) {
156++ (void) pw_close ();
157++ if (pw_unlock () == 0) {
158++ (void) fprintf (stderr,
159++ _("%s: failed to unlock %s\n"),
160++ Prog, pw_dbname ());
161++ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
162++ /* continue */
163++ }
164++ pw_locked = false;
165++
166++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
167++ update_noshadow ();
168++ return;
169++ }
170+ (void) fprintf (stderr,
171+ _("%s: user '%s' does not exist in %s\n"),
172+ Prog, name, pw_dbname ());
173+@@ -598,8 +634,15 @@ static void update_shadow (void)
174+ {
175+ const struct spwd *sp;
176+ struct spwd *nsp;
177++ bool try_extrausers = strcmp (spw_dbname (), EXTRAUSERS_SHADOW_FILE) != 0 &&
178++ access (EXTRAUSERS_SHADOW_FILE, F_OK) == 0;
179+
180+ if (spw_lock () == 0) {
181++ if (try_extrausers) {
182++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
183++ update_shadow ();
184++ return;
185++ }
186+ (void) fprintf (stderr,
187+ _("%s: cannot lock %s; try again later.\n"),
188+ Prog, spw_dbname ());
189+@@ -607,6 +650,20 @@ static void update_shadow (void)
190+ }
191+ spw_locked = true;
192+ if (spw_open (O_RDWR) == 0) {
193++ if (try_extrausers) {
194++ if (spw_unlock () == 0) {
195++ (void) fprintf (stderr,
196++ _("%s: failed to unlock %s\n"),
197++ Prog, spw_dbname ());
198++ SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
199++ /* continue */
200++ }
201++ spw_locked = false;
202++
203++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
204++ update_shadow ();
205++ return;
206++ }
207+ (void) fprintf (stderr,
208+ _("%s: cannot open %s\n"),
209+ Prog, spw_dbname ());
210+@@ -617,7 +674,9 @@ static void update_shadow (void)
211+ if (NULL == sp) {
212+ /* Try to update the password in /etc/passwd instead. */
213+ (void) spw_close ();
214+- update_noshadow ();
215++ if (!try_extrausers) {
216++ update_noshadow ();
217++ }
218+ if (spw_unlock () == 0) {
219+ (void) fprintf (stderr,
220+ _("%s: failed to unlock %s\n"),
221+@@ -626,6 +685,10 @@ static void update_shadow (void)
222+ /* continue */
223+ }
224+ spw_locked = false;
225++ if (try_extrausers) {
226++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
227++ update_shadow ();
228++ }
229+ return;
230+ }
231+ nsp = __spw_dup (sp);
232+Index: shadow-4.1.5.1/lib/commonio.c
233+===================================================================
234+--- shadow-4.1.5.1.orig/lib/commonio.c
235++++ shadow-4.1.5.1/lib/commonio.c
236+@@ -401,6 +401,7 @@ int commonio_lock_nowait (struct commoni
237+ int commonio_lock (struct commonio_db *db)
238+ {
239+ #ifdef HAVE_LCKPWDF
240++ if (strncmp(db->filename, "/etc/", 5) == 0) {
241+ /*
242+ * only if the system libc has a real lckpwdf() - the one from
243+ * lockpw.c calls us and would cause infinite recursion!
244+@@ -428,7 +429,9 @@ int commonio_lock (struct commonio_db *d
245+
246+ ulckpwdf ();
247+ return 0; /* failure */
248+-#else /* !HAVE_LCKPWDF */
249++ } else /* strncmp(db->filename, "/etc/", 5) == 0 */
250++#endif /* HAVE_LCKPWDF */
251++ {
252+ int i;
253+
254+ /*
255+@@ -456,7 +459,7 @@ int commonio_lock (struct commonio_db *d
256+ }
257+ }
258+ return 0; /* failure */
259+-#endif /* !HAVE_LCKPWDF */
260++ }
261+ }
262+
263+ static void dec_lock_count (void)
264
265=== modified file 'debian/patches/series'
266--- debian/patches/series 2014-02-17 00:33:42 +0000
267+++ debian/patches/series 2014-08-31 02:23:26 +0000
268@@ -35,3 +35,4 @@
269 userns/16_add-argument-sanity-checking.patch
270 496_su_kill_process_group
271 1000_configure_userns
272+1010_extrausers.patch
273
274=== modified file 'debian/rules'
275--- debian/rules 2014-01-12 17:28:26 +0000
276+++ debian/rules 2014-08-31 02:23:26 +0000
277@@ -3,11 +3,6 @@
278
279 DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
280
281-ifeq ($(DEB_HOST_ARCH_OS),hurd)
282-# Do not build login on The Hurd
283-override DEB_ARCH_PACKAGES=passwd
284-endif
285-
286 # Enable PIE, BINDNOW, and possible future flags.
287 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
288
289@@ -21,9 +16,9 @@
290
291 include /usr/share/cdbs/1/class/autotools.mk
292 # Automatically update autoconf, etc.
293-DEB_AUTO_UPDATE_ACLOCAL = 1.9
294-DEB_AUTO_UPDATE_AUTOCONF = 1.9
295-DEB_AUTO_UPDATE_AUTOMAKE = 1.9
296+DEB_AUTO_UPDATE_ACLOCAL = 1.11
297+DEB_AUTO_UPDATE_AUTOCONF = 1.11
298+DEB_AUTO_UPDATE_AUTOMAKE = 1.11
299 DEB_AUTO_UPDATE_LIBTOOL = pre
300
301 # Adds extra options when calling the configure script:
302@@ -37,6 +32,10 @@
303
304 # Add extras to the install process:
305 binary-install/login::
306+ifeq ($(DEB_HOST_ARCH_OS),hurd)
307+ # /bin/login is provided by the hurd package.
308+ rm -f debian/login/bin/login
309+endif
310 dh_installpam -p login
311 dh_installpam -p login --name=su
312 install -c -m 444 debian/login.defs debian/login/etc/login.defs
313@@ -57,11 +56,6 @@
314 dh_installpam -p passwd --name=chsh
315 dh_installpam -p passwd --name=chpasswd
316 dh_installpam -p passwd --name=newusers
317-ifeq ($(DEB_HOST_ARCH_OS),hurd)
318-# login is not built on The Hurd, but some utilities of passwd depends on
319-# /etc/login.defs.
320- install -c -m 444 debian/login.defs debian/passwd/etc/login.defs
321-endif
322 install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
323
324 ## Ubuntu

Subscribers

People subscribed via source and target branches

to all changes: