[Pkg-shadow-devel] Ubuntu shadow 1:4.1.5.1-1ubuntu9

Ubuntu Merge-o-Matic mom at ubuntu.com
Mon Feb 17 06:09:06 UTC 2014 

This e-mail has been sent due to an upload to Ubuntu that contains Ubuntu
changes.  It contains the difference between the new version and the
previous version of the same source package in Ubuntu.
-------------- next part --------------
Format: 1.8
Date: Sun, 16 Feb 2014 19:33:48 -0500
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.1.5.1-1ubuntu9
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Stéphane Graber <stgraber at ubuntu.com>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
 uidmap     - programs to help use subuids
Changes: 
 shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium
 .
   * Set our subuid and subgid range to 65536 uids by default.
   * Patch newusers to not add subuids and subgids to system users.
   * Patch useradd to not add subuids and subgids to system users and to
     regular users who don't fit between uid_min and uid_max.
     (This is needed due to adduser not passing --system...)
Checksums-Sha1: 
 2972bbe8ae7c0359c065002e4b741e6738508a7f 2352 shadow_4.1.5.1-1ubuntu9.dsc
 1d222098ec1e520325d759dc8c0cacc280ead5eb 112086 shadow_4.1.5.1-1ubuntu9.diff.gz
Checksums-Sha256: 
 89ea8174c00f96cbcfa8515e8cf85d00d45155288b889ac7e7d29ae520b596e5 2352 shadow_4.1.5.1-1ubuntu9.dsc
 8155ee3fdd11f4c5a184e5c2a82d778c66aa8b767e7ed207ca0397572eabaded 112086 shadow_4.1.5.1-1ubuntu9.diff.gz
Files: 
 1d006d39741f9f20937d744789267ad3 2352 admin required shadow_4.1.5.1-1ubuntu9.dsc
 5348ff0112fc41ef06126225e82ba912 112086 admin required shadow_4.1.5.1-1ubuntu9.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.1.5.1-1ubuntu8/debian/changelog 1:4.1.5.1-1ubuntu9/debian/changelog
--- 1:4.1.5.1-1ubuntu8/debian/changelog	2014-02-17 06:06:43.000000000 +0000
+++ 1:4.1.5.1-1ubuntu9/debian/changelog	2014-02-17 06:06:43.000000000 +0000
@@ -1,3 +1,13 @@
+shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium
+
+  * Set our subuid and subgid range to 65536 uids by default.
+  * Patch newusers to not add subuids and subgids to system users.
+  * Patch useradd to not add subuids and subgids to system users and to
+    regular users who don't fit between uid_min and uid_max.
+    (This is needed due to adduser not passing --system...)
+
+ -- Stéphane Graber <stgraber at ubuntu.com>  Sun, 16 Feb 2014 19:33:48 -0500
+
 shadow (1:4.1.5.1-1ubuntu8) trusty; urgency=medium
 
   * Fix postinst to create subuid and subgid when missing as those won't
diff -pruN 1:4.1.5.1-1ubuntu8/debian/patches/1000_configure_userns 1:4.1.5.1-1ubuntu9/debian/patches/1000_configure_userns
--- 1:4.1.5.1-1ubuntu8/debian/patches/1000_configure_userns	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.1.5.1-1ubuntu9/debian/patches/1000_configure_userns	2014-02-17 06:06:43.000000000 +0000
@@ -0,0 +1,105 @@
+=== modified file 'etc/login.defs'
+Index: shadow/etc/login.defs
+===================================================================
+--- shadow.orig/etc/login.defs	2014-02-16 19:31:38.934898148 -0500
++++ shadow/etc/login.defs	2014-02-16 19:31:38.926898149 -0500
+@@ -229,7 +229,7 @@
+ # Extra per user uids
+ SUB_UID_MIN		   100000
+ SUB_UID_MAX		600100000
+-SUB_UID_COUNT		    10000
++SUB_UID_COUNT		    65536
+ 
+ #
+ # Min/max values for automatic gid selection in groupadd
+@@ -242,7 +242,7 @@
+ # Extra per user group ids
+ SUB_GID_MIN		   100000
+ SUB_GID_MAX		600100000
+-SUB_GID_COUNT		    10000
++SUB_GID_COUNT		    65536
+ 
+ #
+ # Max number of login retries if password is bad
+Index: shadow/src/newusers.c
+===================================================================
+--- shadow.orig/src/newusers.c	2014-02-16 19:31:38.934898148 -0500
++++ shadow/src/newusers.c	2014-02-16 19:31:38.926898149 -0500
+@@ -946,8 +946,8 @@
+ #ifdef SHADOWGRP
+ 	is_shadow_grp = sgr_file_present ();
+ #endif
+-	is_sub_uid = sub_uid_file_present ();
+-	is_sub_gid = sub_gid_file_present ();
++	is_sub_uid = sub_uid_file_present () && !rflg;
++	is_sub_gid = sub_gid_file_present () && !rflg;
+ 
+ 	open_files ();
+ 
+Index: shadow/src/useradd.c
+===================================================================
+--- shadow.orig/src/useradd.c	2014-02-16 19:31:38.934898148 -0500
++++ shadow/src/useradd.c	2014-02-16 19:31:38.926898149 -0500
+@@ -1978,6 +1978,10 @@
+ #endif				/* USE_PAM */
+ #endif				/* ACCT_TOOLS_SETUID */
+ 
++	/* Needed for userns check */
++	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
++	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
++
+ 	/*
+ 	 * Get my name so that I can use it to report errors.
+ 	 */
+@@ -2001,18 +2005,20 @@
+ 	 */
+ 	user_groups[0] = (char *) 0;
+ 
+-
+ 	is_shadow_pwd = spw_file_present ();
+ #ifdef SHADOWGRP
+ 	is_shadow_grp = sgr_file_present ();
+ #endif
+-	is_sub_uid = sub_uid_file_present ();
+-	is_sub_gid = sub_gid_file_present ();
+-
+-	get_defaults ();
+ 
+ 	process_flags (argc, argv);
+ 
++	is_sub_uid = sub_uid_file_present () && !rflg &&
++	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
++	is_sub_gid = sub_gid_file_present () && !rflg &&
++	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
++
++	get_defaults ();
++
+ #ifdef ACCT_TOOLS_SETUID
+ #ifdef USE_PAM
+ 	{
+Index: shadow/libmisc/find_new_sub_uids.c
+===================================================================
+--- shadow.orig/libmisc/find_new_sub_uids.c	2014-02-16 19:31:38.934898148 -0500
++++ shadow/libmisc/find_new_sub_uids.c	2014-02-16 19:31:38.926898149 -0500
+@@ -56,7 +56,7 @@
+ 
+ 	min = getdef_ulong ("SUB_UID_MIN", 100000UL);
+ 	max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
+-	count = getdef_ulong ("SUB_UID_COUNT", 10000);
++	count = getdef_ulong ("SUB_UID_COUNT", 65536);
+ 
+ 	if (min >= max || count >= max || (min + count) >= max) {
+ 		(void) fprintf (stderr,
+Index: shadow/libmisc/find_new_sub_gids.c
+===================================================================
+--- shadow.orig/libmisc/find_new_sub_gids.c	2014-02-16 19:32:21.298896382 -0500
++++ shadow/libmisc/find_new_sub_gids.c	2014-02-16 19:32:34.462895834 -0500
+@@ -56,7 +56,7 @@
+ 
+ 	min = getdef_ulong ("SUB_GID_MIN", 100000UL);
+ 	max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
+-	count = getdef_ulong ("SUB_GID_COUNT", 10000);
++	count = getdef_ulong ("SUB_GID_COUNT", 65536);
+ 
+ 	if (min >= max || count >= max || (min + count) >= max) {
+ 		(void) fprintf (stderr,
diff -pruN 1:4.1.5.1-1ubuntu8/debian/patches/series 1:4.1.5.1-1ubuntu9/debian/patches/series
--- 1:4.1.5.1-1ubuntu8/debian/patches/series	2014-02-17 06:06:43.000000000 +0000
+++ 1:4.1.5.1-1ubuntu9/debian/patches/series	2014-02-17 06:06:43.000000000 +0000
@@ -34,3 +34,4 @@ userns/14_fix_getopt
 userns/manpagetypo
 userns/16_add-argument-sanity-checking.patch
 496_su_kill_process_group
+1000_configure_userns

More information about the Pkg-shadow-devel mailing list