[Pkg-shadow-commits] r512 - branches/experimental/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Thu Sep 1 12:32:50 UTC 2005
Author: nekral-guest
Date: 2005-09-01 12:32:49 +0000 (Thu, 01 Sep 2005)
New Revision: 512
Removed:
branches/experimental/debian/patches/356_su-stop_cont-proxy
branches/experimental/debian/patches/360_newgrp_preserve_env
branches/experimental/debian/patches/363_su_ignore_SIGINT
branches/experimental/debian/patches/402_usermod.8-system-users-range-286258
branches/experimental/debian/patches/436_libmisc_chowntty_ro_root_fs
Modified:
branches/experimental/debian/patches/series
Log:
Remove some other applied upstream patches.
Deleted: branches/experimental/debian/patches/356_su-stop_cont-proxy
===================================================================
--- branches/experimental/debian/patches/356_su-stop_cont-proxy 2005-09-01 12:00:05 UTC (rev 511)
+++ branches/experimental/debian/patches/356_su-stop_cont-proxy 2005-09-01 12:32:49 UTC (rev 512)
@@ -1,95 +0,0 @@
-Goal: When su process sits between parent and child shells, it should
- propagate STOPs from child to parent and CONTs from parent to child,
- otherwise e.g. bash's "suspend" command won't work.
-
-Status wrt upstream: Fixed in upstream the same way, with slightly different
- code inside run_shell() and signal handlig, since 4.0.5
-
-Notes: Affects only operation with CLOSE_SESSIONS=yes. When it's set to "no",
- newgrp doesn't fork and create child process, it just calls exec(),
- so there won't be "newgrp" process between parent and child shells.
-
- SIGCHLD is handled implicitly by waitpid() when WUNTRACED flag is
- specified.
-
- SIGCONT is handled implicitly too, because it just resumes execution
- right after the point the code has been stopped -- in our case it's
- the next command after "raise(SIGSTOP)", which has been processed
- _synchronously_.
-
- Thus there's no need to set signal handlers for either SIGCHLD or
- SIGCONT, and code is much cleaner with this.
-
- Because waitpid() is now placed inside a loop, here are some comments
- about when the loop is broken:
- 1. (wpid != pid && errno != EINTR) -- when waitpid() returns any error
- except "interrupted by signal", i.e. wrong pid, wrong options etc.
- 2. WIFEXITED
- 3. WIFSIGNALED
- 4. WCOREDUMP
- This _differs_ with Tomasz's in EINTR handling -- Tomasz's su will
- _exit_ on EINTR. This code won't. I suspect that it's not possible
- to be inerrupted _that way_ with e.g. SIGCHLD, but who knows...
-
- Closes: 314727
- (suspend command from su shell fails to return to parent shell)
-
- Upstream blocks all signals except INTR and ALRM, our code doesn't.
- This led to problem with zsh as child shell. Zsh does not create
- separate pgrp for itself and when suspends, it sends TSTP to parent
- "su" process too. su had TSTP unblocked and default handler set
- for it. I changed su.c to block TSTP (also TTIN, TTOU, QUIT and HUP,
- -- the same as in newgrp.c)
-
- Closes: 317747
- (su -m / suspend / fg broken with zsh)
-
-Index: shadow-4.0.3/src/su.c
-===================================================================
---- shadow-4.0.3.orig/src/su.c 2005-07-11 16:12:38.000000000 +0300
-+++ shadow-4.0.3/src/su.c 2005-07-11 16:18:01.000000000 +0300
-@@ -739,9 +739,14 @@
- around to close sessions */
- if (getdef_bool("CLOSE_SESSIONS")) {
- pid_t pid;
-- int status;
-+ int status, wpid;
-
-- signal(SIGINT, SIG_IGN);
-+ signal (SIGINT, SIG_IGN);
-+ signal (SIGQUIT, SIG_IGN);
-+ signal (SIGHUP, SIG_IGN);
-+ signal (SIGTSTP, SIG_IGN);
-+ signal (SIGTTIN, SIG_IGN);
-+ signal (SIGTTOU, SIG_IGN);
- pid = fork();
-
- switch(pid) {
-@@ -753,10 +758,25 @@
- pam_end(pamh, PAM_ABORT);
- exit(1);
- case 0: /* child */
-- signal(SIGINT, SIG_DFL);
-+ signal (SIGINT, SIG_DFL);
-+ signal (SIGQUIT, SIG_DFL);
-+ signal (SIGHUP, SIG_DFL);
-+ signal (SIGTSTP, SIG_DFL);
-+ signal (SIGTTIN, SIG_DFL);
-+ signal (SIGTTOU, SIG_DFL);
- break;
- default: /* parent */
-- waitpid(pid, &status, 0);
-+ do {
-+ errno = 0;
-+ wpid = waitpid(pid, &status, WUNTRACED);
-+ if (wpid == pid && WIFSTOPPED(status)) {
-+ /* stop when child stops */
-+ raise(SIGSTOP);
-+ /* wake child when resumed */
-+ kill(pid, SIGCONT);
-+ }
-+ } while (wpid == pid && WIFSTOPPED(status)
-+ || wpid != pid && errno == EINTR);
- /* now we are done using PAM */
- pam_setcred(pamh, PAM_DELETE_CRED);
- ret = pam_close_session(pamh, 0);
Deleted: branches/experimental/debian/patches/360_newgrp_preserve_env
===================================================================
--- branches/experimental/debian/patches/360_newgrp_preserve_env 2005-09-01 12:00:05 UTC (rev 511)
+++ branches/experimental/debian/patches/360_newgrp_preserve_env 2005-09-01 12:32:49 UTC (rev 512)
@@ -1,21 +0,0 @@
-Goal: src/newgrp.c: don't call sanitize_env()
-Fixes: #22244
-
-Status wrt upstream: Upstream do not call sanitize_env.
- As newgrp code is quite different in upstream, it could be
- nice if Tomasz could check http//bugs.debian.org/22244
- (IMO, upstream is correct)
-
-Index: shadow-4.0.3/src/newgrp.c
-===================================================================
---- shadow-4.0.3.orig/src/newgrp.c 2005-05-22 23:13:45.907167000 +0200
-+++ shadow-4.0.3/src/newgrp.c 2005-05-22 23:16:36.157167000 +0200
-@@ -91,7 +91,7 @@
-
- #if ENABLE_NLS
- /* XXX - remove when gettext is safe to use in setuid programs */
-- sanitize_env ();
-+ /* sanitize_env ();*/
- #endif
-
- setlocale (LC_ALL, "");
Deleted: branches/experimental/debian/patches/363_su_ignore_SIGINT
===================================================================
--- branches/experimental/debian/patches/363_su_ignore_SIGINT 2005-09-01 12:00:05 UTC (rev 511)
+++ branches/experimental/debian/patches/363_su_ignore_SIGINT 2005-09-01 12:32:49 UTC (rev 512)
@@ -1,24 +0,0 @@
-Goal: Ignore SIGINT while authenticating. A ^C could defeat the waiting
- period and permit brute-force attacks.
- Also ignore SIGQUIT.
-
-Fixes: #52372 (SIGINT), #288827 (SIGQUIT)
-
-Status wrt upstream: Applied upstream (will be in 4.0.12)
-
-Note: Even with a waiting period, a brute-force attack can be performed
- by parralelizing attacks (or sending a KILL signal).
- The gain in security is minor.
-
-Index: shadow-4.0.3/src/su.c
-===================================================================
---- shadow-4.0.3.orig/src/su.c 2005-06-21 23:26:13.808723000 +0200
-+++ shadow-4.0.3/src/su.c 2005-06-21 23:27:58.518723000 +0200
-@@ -629,6 +631,7 @@
- #endif /* !USE_PAM */
-
- signal (SIGINT, SIG_DFL);
-+ signal (SIGQUIT, SIG_DFL);
- #ifndef USE_PAM
- cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
-
Deleted: branches/experimental/debian/patches/402_usermod.8-system-users-range-286258
===================================================================
--- branches/experimental/debian/patches/402_usermod.8-system-users-range-286258 2005-09-01 12:00:05 UTC (rev 511)
+++ branches/experimental/debian/patches/402_usermod.8-system-users-range-286258 2005-09-01 12:32:49 UTC (rev 512)
@@ -1,30 +0,0 @@
-Goal: Give the correct range for system users : 0-999 instead of 0-99
-
-Status wrt upstream: Not applied because too Debian-specific
-
-Index: shadow-4.0.10/man/usermod.8
-===================================================================
---- shadow-4.0.10.orig/man/usermod.8 2005-06-16 18:08:37.000000000 +0200
-+++ shadow-4.0.10/man/usermod.8 2005-07-07 03:18:59.000000000 +0200
-@@ -84,7 +84,7 @@
-
- .TP
- \fB\-u\fR \fIuid\fR
--The numerical value of the user's ID\&. This value must be unique, unless the \fB\-o\fR option is used\&. The value must be non\-negative\&. Values between 0 and 99 are typically reserved for system accounts\&. Any files which the user owns and which are located in the directory tree rooted at the user's home directory will have the file user ID changed automatically\&. Files outside of the user's home directory must be altered manually\&.
-+The numerical value of the user's ID\&. This value must be unique, unless the \fB\-o\fR option is used\&. The value must be non\-negative\&. Values between 0 and 999 are typically reserved for system accounts\&. Any files which the user owns and which are located in the directory tree rooted at the user's home directory will have the file user ID changed automatically\&. Files outside of the user's home directory must be altered manually\&.
-
- .TP
- \fB\-U\fR
-Index: shadow-4.0.10/man/usermod.8.xml
-===================================================================
---- shadow-4.0.10.orig/man/usermod.8.xml 2005-06-16 18:01:21.000000000 +0200
-+++ shadow-4.0.10/man/usermod.8.xml 2005-07-07 03:19:07.000000000 +0200
-@@ -204,7 +204,7 @@
- <listitem>
- <para>The numerical value of the user's ID. This value must be
- unique, unless the <option>-o</option> option is used. The value
-- must be non-negative. Values between 0 and 99 are typically
-+ must be non-negative. Values between 0 and 999 are typically
- reserved for system accounts. Any files which the user owns and
- which are located in the directory tree rooted at the user's
- home directory will have the file user ID changed automatically.
Deleted: branches/experimental/debian/patches/436_libmisc_chowntty_ro_root_fs
===================================================================
--- branches/experimental/debian/patches/436_libmisc_chowntty_ro_root_fs 2005-09-01 12:00:05 UTC (rev 511)
+++ branches/experimental/debian/patches/436_libmisc_chowntty_ro_root_fs 2005-09-01 12:32:49 UTC (rev 512)
@@ -1,19 +0,0 @@
-Goal: allow regular user to login on read-only root file system (not only for root).
-Fixes: #52069
- (in fact, the patch proposed in the bug report has evolved a lot)
-
-Status wrt upstream: applied upstream (4.0.12).
-
-Index: shadow-4.0.10/libmisc/chowntty.c
-===================================================================
---- shadow-4.0.10.orig/libmisc/chowntty.c 2005-06-14 22:27:35.000000000 +0200
-+++ shadow-4.0.10/libmisc/chowntty.c 2005-07-07 02:29:41.000000000 +0200
-@@ -110,7 +110,7 @@
- info->pw_name));
- closelog ();
-
-- if (!(err == EROFS && info->pw_uid == 0))
-+ if (err != EROFS)
- exit (1);
- }
- #ifdef __linux__
Modified: branches/experimental/debian/patches/series
===================================================================
--- branches/experimental/debian/patches/series 2005-09-01 12:00:05 UTC (rev 511)
+++ branches/experimental/debian/patches/series 2005-09-01 12:32:49 UTC (rev 512)
@@ -1,13 +1,10 @@
004_configure.in.dpatch
005_manpages.dpatch
-# 336 has been applied in 4.0.12
# 336_chfn.1
# 338_lastlog.8 # applied -- the authors should be separated. Submitted
441_manpages-shadow.5
440_manpages-login.1
345_shadowconfig.8
-# 436 has been applied in 4.0.12
-# 436_libmisc_chowntty_ro_root_fs
435_su_addenv_HOME_and_SHELL
431_su_uid_0_not_root
437_su_add_GNU_options_1
@@ -17,8 +14,6 @@
437_su_add_GNU_options_5
437_su_add_GNU_options_6
437_su_add_GNU_options_7
-# 363 has been applied in 4.0.12
-# 363_su_ignore_SIGINT
008_su_no_sanitize_env
008_su_get_PAM_username
439_su_PAM_session
@@ -29,8 +24,6 @@
008_login_log_failure_in_FTMP
429_login_FAILLOG_ENAB
432_login_cancel_timout_after_authentication
-#
-# 360_newgrp_preserve_env # not needed
438_su_GNU_origin
# 100_LINGUAS.dpatch # Is it needed?
# 100_shadow.pot # Is it needed?
@@ -85,8 +78,6 @@
# 319_time_structures.dpatch # must be checked another time
333_shadow.5-typo_312430
401_cppw_src.dpatch
-# 402 has been applied upstream (surprising because Tomasz once said he wouldn't)
-# 402_usermod.8-system-users-range-286258
403_sg_symlink_162339_163652.dpatch
404_undef_USE_PAM.dpatch
405_subsystem_remove_*_in_shell.dpatch
@@ -94,7 +85,6 @@
407_32char_grnames.dpatch
421_login.1_pishing
010_more-i18ned-messages
-# 356_su-stop_cont-proxy # no more needed?
# NOTE: you must use only one of these 423
# See bug #317264, #276419
# 423_su_pass_args_without_concatenation # upstream don't suffer from this
More information about the Pkg-shadow-commits
mailing list